Executive Summary
Summary | |
---|---|
Title | perl security update |
Information | |||
---|---|---|---|
Name | RHSA-2007:1011 | First vendor Publication | 2007-11-05 |
Vendor | RedHat | Last vendor Modification | 2007-11-05 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated Perl packages that fix security issues for Red Hat Application Stack v1.2 are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

323571 - CVE-2007-5116 perl regular expression UTF parsing errors
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-1011.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10669 | |||
Oval ID: | oval:org.mitre.oval:def:10669 | ||
Title: | Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. | ||
Description: | Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5116 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:17476 | |||
Oval ID: | oval:org.mitre.oval:def:17476 | ||
Title: | USN-552-1 -- perl vulnerability | ||
Description: | It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-552-1 CVE-2007-5116 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | perl |
Definition Id: oval:org.mitre.oval:def:20027 | |||
Oval ID: | oval:org.mitre.oval:def:20027 | ||
Title: | DSA-1400-1 perl - arbitrary code execution | ||
Description: | Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in Perl's regular expression compiler, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1400-1 CVE-2007-5116 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | perl |
Definition Id: oval:org.mitre.oval:def:22461 | |||
Oval ID: | oval:org.mitre.oval:def:22461 | ||
Title: | ELSA-2007:0966: perl security update (Important) | ||
Description: | Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0966-02 CVE-2007-5116 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | perl |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for perl File : nvt/sles10_perl0.nasl |
2009-10-10 | Name : SLES9: Security update for perl File : nvt/sles9p5018078.nasl |
2009-04-09 | Name : Mandriva Update for perl MDKSA-2007:207 (perl) File : nvt/gb_mandriva_MDKSA_2007_207.nasl |
2009-03-23 | Name : Ubuntu Update for perl vulnerability USN-552-1 File : nvt/gb_ubuntu_USN_552_1.nasl |
2009-02-27 | Name : Fedora Update for perl FEDORA-2007-3218 File : nvt/gb_fedora_2007_3218_perl_fc8.nasl |
2009-02-27 | Name : Fedora Update for perl FEDORA-2007-3255 File : nvt/gb_fedora_2007_3255_perl_fc7.nasl |
2009-02-27 | Name : Fedora Update for perl FEDORA-2007-748 File : nvt/gb_fedora_2007_748_perl_fc6.nasl |
2009-02-17 | Name : Fedora Update for perl FEDORA-2008-3392 File : nvt/gb_fedora_2008_3392_perl_fc8.nasl |
2009-02-17 | Name : Fedora Update for perl FEDORA-2008-3399 File : nvt/gb_fedora_2008_3399_perl_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-28 (perl) File : nvt/glsa_200711_28.nasl |
2008-09-04 | Name : FreeBSD Ports: perl, perl-threaded File : nvt/freebsd_perl2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1400-1 (perl) File : nvt/deb_1400_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40409 | Perl Regular Expression Engine (regcomp.c) Polymorphic opcode Support UTF Reg... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0966.nasl - Type : ACT_GATHER_INFO |
2013-01-30 | Name : The remote AIX host is missing a security patch. File : aix_IZ10244.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071105_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071105_perl_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11964.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0001.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0966.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U815030.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3399.nasl - Type : ACT_GATHER_INFO |
2008-02-12 | Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U814193.nasl - Type : ACT_GATHER_INFO |
2007-12-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_perl-4665.nasl - Type : ACT_GATHER_INFO |
2007-12-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-552-1.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-748.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-28.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote openSUSE host is missing a security update. File : suse_perl-4675.nasl - Type : ACT_GATHER_INFO |
2007-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3255.nasl - Type : ACT_GATHER_INFO |
2007-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3218.nasl - Type : ACT_GATHER_INFO |
2007-11-07 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5b47c2798cb511dc88780016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2007-11-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1400.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-207.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0966.nasl - Type : ACT_GATHER_INFO |