6.9 - USN-700-2

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Perl regression

Informations
Name	USN-700-2	First vendor Publication	2009-01-15
Vendor	Ubuntu	Last vendor Modification	2009-01-15
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
perl 5.8.8-12ubuntu0.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-700-1 fixed vulnerabilities in Perl. Due to problems with the Ubuntu 8.04 build, some Perl .ph files were missing from the resulting update. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Jonathan Smith discovered that the Archive::Tar Perl module did not
correctly handle symlinks when extracting archives. If a user or
automated system were tricked into opening a specially crafted tar file,
a remote attacker could over-write arbitrary files. (CVE-2007-4829)

Tavis Ormandy and Will Drewry discovered that Perl did not correctly
handle certain utf8 characters in regular expressions. If a user or
automated system were tricked into using a specially crafted expression,
a remote attacker could crash the application, leading to a denial
of service. Ubuntu 8.10 was not affected by this issue. (CVE-2008-1927)

A race condition was discovered in the File::Path Perl module's rmtree
function. If a local attacker successfully raced another user's call
of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06
and 8.10 were not affected by this issue. (CVE-2008-5302)

A race condition was discovered in the File::Path Perl module's rmtree
function. If a local attacker successfully raced another user's call of
rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected
by this issue. (CVE-2008-5303)

Original Source

Url : http://www.ubuntu.com/usn/USN-700-2

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-362	Race Condition
25 %	CWE-399	Resource Management Errors
25 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10579

Oval ID:	oval:org.mitre.oval:def:10579
Title:	Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
Description:	Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1927	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section perl-suidperl is earlier than 2:5.8.0-98.EL3 AND perl is earlier than 2:5.8.0-98.EL3 AND perl-CPAN is earlier than 2:1.61-98.EL3 AND perl-CGI is earlier than 2:2.89-98.EL3 AND perl-DB_File is earlier than 2:1.806-98.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section perl-suidperl is earlier than 3:5.8.5-36.el4_6.3 AND perl is earlier than 3:5.8.5-36.el4_6.3 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section perl-suidperl is earlier than 0:5.8.8-10.el5_2.3 AND perl is earlier than 0:5.8.8-10.el5_2.3

Definition Id: oval:org.mitre.oval:def:11076

Oval ID:	oval:org.mitre.oval:def:11076
Title:	Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Description:	Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-5302	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section perl-suidperl is earlier than 4:5.8.8-32.el5_5.1 AND perl is earlier than 4:5.8.8-32.el5_5.1

Definition Id: oval:org.mitre.oval:def:11658

Oval ID:	oval:org.mitre.oval:def:11658
Title:	Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
Description:	Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-4829	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND perl-Archive-Tar is earlier than 0:1.39.1-1.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND perl-Archive-Tar is earlier than 1:1.39.1-1.el5_5.1

Definition Id: oval:org.mitre.oval:def:13257

Oval ID:	oval:org.mitre.oval:def:13257
Title:	USN-700-2 -- perl regression
Description:	USN-700-1 fixed vulnerabilities in Perl. Due to problems with the Ubuntu 8.04 build, some Perl .ph files were missing from the resulting update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module�s rmtree function. If a local attacker successfully raced another user�s call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module�s rmtree function. If a local attacker successfully raced another user�s call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue
Family:	unix	Class:	patch
Reference(s):	USN-700-2 CVE-2007-4829 CVE-2008-1927 CVE-2008-5302 CVE-2008-5303	Version:	5
Platform(s):	Ubuntu 8.04	Product(s):	perl
Definition Synopsis:
Ubuntu 8.04 is installed Architecture section Architecture independent section Installed architecture is all AND Packages section perl-modules DPKG is earlier than 5.8.8-12ubuntu0.4 AND perl-doc DPKG is earlier than 5.8.8-12ubuntu0.4 AND libcgi-fast-perl DPKG is earlier than 5.8.8-12ubuntu0.4 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libperl-dev DPKG is earlier than 5.8.8-12ubuntu0.4 AND perl-suid DPKG is earlier than 5.8.8-12ubuntu0.4 AND perl DPKG is earlier than 5.8.8-12ubuntu0.4 AND perl-base DPKG is earlier than 5.8.8-12ubuntu0.4 AND libperl5.8 DPKG is earlier than 5.8.8-12ubuntu0.4 AND perl-debug DPKG is earlier than 5.8.8-12ubuntu0.4

Definition Id: oval:org.mitre.oval:def:20069

Oval ID:	oval:org.mitre.oval:def:20069
Title:	DSA-1556-2 perl - denial of service
Description:	It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
Family:	unix	Class:	patch
Reference(s):	DSA-1556-2 CVE-2008-1927	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	perl
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND perl DPKG is earlier than 0:5.8.8-7etch3

Definition Id: oval:org.mitre.oval:def:21014

Oval ID:	oval:org.mitre.oval:def:21014
Title:	USN-700-1 -- libarchive-tar-perl, perl vulnerabilities
Description:	Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives.
Family:	unix	Class:	patch
Reference(s):	USN-700-1 CVE-2007-4829 CVE-2008-1927 CVE-2008-5302 CVE-2008-5303	Version:	5
Platform(s):	Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10	Product(s):	libarchive-tar-perl perl
Definition Synopsis:
Ubuntu 6.06 release section Ubuntu 6.06 is installed Packages match section libarchive-tar-perl DPKG is earlier than 0:1.26-2ubuntu0.1 AND libperl5.8 DPKG is earlier than 0:5.8.7-10ubuntu1.2 AND Ubuntu 7.10 release section Ubuntu 7.10 is installed Packages match section libarchive-tar-perl DPKG is earlier than 0:1.31-1ubuntu0.1 AND libperl5.8 DPKG is earlier than 0:5.8.8-7ubuntu3.4 AND perl-modules DPKG is earlier than 0:5.8.8-7ubuntu3.4 AND Ubuntu 8.04 release section Ubuntu 8.04 is installed Packages match section libarchive-tar-perl DPKG is earlier than 0:1.36-1ubuntu0.1 AND libperl5.8 DPKG is earlier than 0:5.8.8-12ubuntu0.3 AND perl-modules DPKG is earlier than 0:5.8.8-12ubuntu0.3 AND Ubuntu 8.10 release section Ubuntu 8.10 is installed AND perl-modules DPKG is earlier than 0:5.10.0-11.1ubuntu2.2

Definition Id: oval:org.mitre.oval:def:22332

Oval ID:	oval:org.mitre.oval:def:22332
Title:	RHSA-2010:0505: perl-Archive-Tar security update (Moderate)
Description:	Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0505-01 CESA-2010:0505 CVE-2007-4829	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	perl-Archive-Tar
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x AND perl-Archive-Tar is earlier than 1:1.39.1-1.el5_5.1

Definition Id: oval:org.mitre.oval:def:22433

Oval ID:	oval:org.mitre.oval:def:22433
Title:	ELSA-2008:0522: perl security update (Important)
Description:	Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0522-01 CVE-2008-1927	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	perl
Definition Synopsis:
Oracle Linux 5.x rpm test perl-suidperl is earlier than 4:5.8.8-10.el5_2.3 AND perl is earlier than 4:5.8.8-10.el5_2.3

Definition Id: oval:org.mitre.oval:def:23048

Oval ID:	oval:org.mitre.oval:def:23048
Title:	ELSA-2010:0505: perl-Archive-Tar security update (Moderate)
Description:	Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0505-01 CVE-2007-4829	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	perl-Archive-Tar
Definition Synopsis:
Oracle Linux 5.x AND perl-Archive-Tar is earlier than 1:1.39.1-1.el5_5.1

Definition Id: oval:org.mitre.oval:def:28121

Oval ID:	oval:org.mitre.oval:def:28121
Title:	DEPRECATED: ELSA-2010-0458 -- perl security update (moderate)
Description:	[4:5.8.8-32.el5.1] - third version of patch fix change of behaviour of rmtree for common user - Resolves: rhbz#597203 [4:5.8.8-32.el5] - rhbz#595416 change documentation of File::Path - Related: rhbz#591167 [4:5.8.8-31.el5] - remove previous fix - Related: rhbz#591167 [4:5.8.8-30.el5] - change config to file on Util.so - Related: rhbz#594406 [4:5.8.8-29.el5] - CVE-2008-5302 - use latest patch without Cwd module - 507378 because of our paths we need to overload old Util.so in case customer installed Scalar::Util from cpan. In this case we marked new Util.so as .rpmnew. - Related: rhbz#591167 - Resolves: rhbz#594406 [4:5.8.8-28.el5] - CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1 - CVE-2010-1168 perl Safe: Intended restriction bypass via object references - CVE-2010-1447 Safe 2.26 and earlier: Intended restriction bypass via Perl object references in code executed outside safe compartment - Related: rhbz#591167
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-0458 CVE-2010-1168 CVE-2010-1447 CVE-2008-5302 CVE-2008-5303	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	perl
Definition Synopsis:
Oracle Linux 5.x Packages match section perl is earlier than 0:5.8.8-32.el5_5.1 AND perl-suidperl is earlier than 0:5.8.8-32.el5_5.1

Definition Id: oval:org.mitre.oval:def:6680

Oval ID:	oval:org.mitre.oval:def:6680
Title:	VMware ESX,Service Console update for perl.
Description:	Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-5303	Version:	5
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201009411-SG is not installed.

Definition Id: oval:org.mitre.oval:def:6890

Oval ID:	oval:org.mitre.oval:def:6890
Title:	VMware ESX,Service Console update for perl.
Description:	Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-5302	Version:	5
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201009411-SG is not installed.

Definition Id: oval:org.mitre.oval:def:8071

Oval ID:	oval:org.mitre.oval:def:8071
Title:	DSA-1556 perl -- heap buffer overflow
Description:	It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
Family:	unix	Class:	patch
Reference(s):	DSA-1556 CVE-2008-1927	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	perl
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section perl-modules is earlier than 5.8.8-7etch3 AND perl-doc is earlier than 5.8.8-7etch3 AND libcgi-fast-perl is earlier than 5.8.8-7etch3 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libperl-dev is earlier than 5.8.8-7etch3 AND perl-suid is earlier than 5.8.8-7etch3 AND perl is earlier than 5.8.8-7etch3 AND perl-base is earlier than 5.8.8-7etch3 AND libperl5.8 is earlier than 5.8.8-7etch3 AND perl-debug is earlier than 5.8.8-7etch3

Definition Id: oval:org.mitre.oval:def:9699

Oval ID:	oval:org.mitre.oval:def:9699
Title:	Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Description:	Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-5303	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section perl-suidperl is earlier than 4:5.8.8-32.el5_5.1 AND perl is earlier than 4:5.8.8-32.el5_5.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Perl File cpe:2.3:a:perl:file::path:1.08:::::::* cpe:2.3:a:perl:file::path:2.07:::::::*	2
Application	Perl cpe:2.3:a:perl:perl:5.8.8:::::::*	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::	4

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for perl CESA-2010:0458 centos5 i386 File : nvt/gb_CESA-2010_0458_perl_centos5_i386.nasl
2011-08-09	Name : CentOS Update for perl-Archive-Tar CESA-2010:0505 centos5 i386 File : nvt/gb_CESA-2010_0505_perl-Archive-Tar_centos5_i386.nasl
2010-07-06	Name : Perl Archive::Tar Module Remote Directory Traversal Vulnerability File : nvt/gb_perl_archive_tar_26355.nasl
2010-07-02	Name : RedHat Update for perl-Archive-Tar RHSA-2010:0505-01 File : nvt/gb_RHSA-2010_0505-01_perl-Archive-Tar.nasl
2010-06-15	Name : Mandriva Update for perl MDVSA-2010:116 (perl) File : nvt/gb_mandriva_MDVSA_2010_116.nasl
2010-06-11	Name : RedHat Update for perl RHSA-2010:0458-02 File : nvt/gb_RHSA-2010_0458-02_perl.nasl
2010-05-12	Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl
2010-05-12	Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-04-16	Name : Mandriva Update for timezone MDVA-2010:116 (timezone) File : nvt/gb_mandriva_MDVA_2010_116.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-13	Name : SLES10: Security update for Perl File : nvt/sles10_perl.nasl
2009-10-10	Name : SLES9: Security update for Perl File : nvt/sles9p5033700.nasl
2009-07-29	Name : Fedora Core 10 FEDORA-2009-7680 (perl) File : nvt/fcore_2009_7680.nasl
2009-06-05	Name : Ubuntu USN-698-1 (nagios) File : nvt/ubuntu_698_1.nasl
2009-04-09	Name : Mandriva Update for perl MDVSA-2008:100 (perl) File : nvt/gb_mandriva_MDVSA_2008_100.nasl
2009-03-06	Name : RedHat Update for perl RHSA-2008:0522-01 File : nvt/gb_RHSA-2008_0522-01_perl.nasl
2009-02-27	Name : CentOS Update for perl CESA-2008:0522 centos4 x86_64 File : nvt/gb_CESA-2008_0522_perl_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for perl CESA-2008:0522 centos4 i386 File : nvt/gb_CESA-2008_0522_perl_centos4_i386.nasl
2009-02-27	Name : CentOS Update for perl CESA-2008:0522 centos3 x86_64 File : nvt/gb_CESA-2008_0522_perl_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for perl CESA-2008:0522 centos3 i386 File : nvt/gb_CESA-2008_0522_perl_centos3_i386.nasl
2009-02-18	Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl
2009-02-17	Name : Fedora Update for perl FEDORA-2008-3392 File : nvt/gb_fedora_2008_3392_perl_fc8.nasl
2009-02-17	Name : Fedora Update for perl FEDORA-2008-3399 File : nvt/gb_fedora_2008_3399_perl_fc7.nasl
2009-02-13	Name : Fedora Update for perl FEDORA-2008-11736 File : nvt/gb_fedora_2008_11736_perl_fc10.nasl
2009-01-20	Name : Ubuntu USN-700-2 (perl) File : nvt/ubuntu_700_2.nasl
2009-01-02	Name : Fedora Core 10 FEDORA-2008-11736 (perl) File : nvt/fcore_2008_11736.nasl
2008-12-29	Name : Debian Security Advisory DSA 1678-2 (perl) File : nvt/deb_1678_2.nasl
2008-12-29	Name : Ubuntu USN-700-1 (perl) File : nvt/ubuntu_700_1.nasl
2008-12-23	Name : Gentoo Security Advisory GLSA 200812-10 (Archive-Tar) File : nvt/glsa_200812_10.nasl
2008-12-10	Name : Debian Security Advisory DSA 1678-1 (perl) File : nvt/deb_1678_1.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-17 (perl libperl) File : nvt/glsa_200805_17.nasl
2008-04-30	Name : Debian Security Advisory DSA 1556-2 (perl) File : nvt/deb_1556_2.nasl
2008-04-30	Name : Debian Security Advisory DSA 1556-1 (perl) File : nvt/deb_1556_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
50446	Perl File::Path (lib/File/Path.pm) rmtree Function Symlink Arbitrary File Del...
44588	Perl UTF8 Character Handling Double-free DoS
40410	Perl Archive::Tar Module TAR Archive Traversal Arbitrary File Overwrite

Nessus® Vulnerability Scanner

Date	Description
2016-03-08	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0013_remote.nasl - Type : ACT_GATHER_INFO
2013-11-29	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-17.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0505.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0458.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0522.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100701_perl_Archive_Tar_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100607_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080611_perl_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-09-02	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0013.nasl - Type : ACT_GATHER_INFO
2010-07-28	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0505.nasl - Type : ACT_GATHER_INFO
2010-07-13	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0505.nasl - Type : ACT_GATHER_INFO
2010-06-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0458.nasl - Type : ACT_GATHER_INFO
2010-06-14	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-116.nasl - Type : ACT_GATHER_INFO
2010-06-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0458.nasl - Type : ACT_GATHER_INFO
2010-03-29	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12208.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0013.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_perl-090128.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_perl-090128.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_perl-080715.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2008-11736.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-700-2.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-700-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-100.nasl - Type : ACT_GATHER_INFO
2009-02-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO
2008-12-11	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-10.nasl - Type : ACT_GATHER_INFO
2008-12-04	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1678.nasl - Type : ACT_GATHER_INFO
2008-08-24	Name : The remote openSUSE host is missing a security update. File : suse_perl-5443.nasl - Type : ACT_GATHER_INFO
2008-08-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_perl-5444.nasl - Type : ACT_GATHER_INFO
2008-06-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0522.nasl - Type : ACT_GATHER_INFO
2008-06-12	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0522.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-17.nasl - Type : ACT_GATHER_INFO
2008-05-01	Name : The remote Fedora host is missing a security update. File : fedora_2008-3399.nasl - Type : ACT_GATHER_INFO
2008-05-01	Name : The remote Fedora host is missing a security update. File : fedora_2008-3392.nasl - Type : ACT_GATHER_INFO
2008-04-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1556.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:05:35	Multiple Updates
2013-05-11 00:55:52	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	4
Oval ID(s)	14
CPE ID(s)	7
osvdb(s)	3
Openvas Exploit(s)	33
Nessus® Exploit(s)	35

	Related
6.9	USN-700-1
6.9	CVE-2008-5303
6.9	CVE-2008-5302
6.8	CVE-2007-4829
5	CVE-2008-1927
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)