Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2005-3962 First vendor Publication 2005-12-01
Vendor Cve Last vendor Modification 2018-10-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10598
 
Oval ID: oval:org.mitre.oval:def:10598
Title: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Description: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Family: unix Class: vulnerability
Reference(s): CVE-2005-3962
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1074
 
Oval ID: oval:org.mitre.oval:def:1074
Title: Perl Format String Integer Overflow Vulnerability
Description: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Family: unix Class: vulnerability
Reference(s): CVE-2005-3962
Version: 1
Platform(s): Sun Solaris 10
Product(s): Perl
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

OpenVAS Exploits

Date Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for perl
File : nvt/sles9p5012473.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200512-01 (Perl)
File : nvt/glsa_200512_01.nasl
2008-09-04 Name : FreeBSD Ports: perl
File : nvt/freebsd_perl1.nasl
2008-01-17 Name : Debian Security Advisory DSA 943-1 (perl)
File : nvt/deb_943_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
22255 OpenBSD Perl Interpreter sprintf Function Local Overflow

A local overflow exists in Perl on OpenBSD. The interpreter can be used to cause a buffer overflow. No futher details have been provided.
21345 Perl Explicit Format Parameter Index Overflow

Perl contains a flaw that when handling a format string containing an explicit format parameter index that exceeds INT_MAX which can result in an illegal memory access. With a specially crafted request, an attacker can cause the crash of a Perl application resulting in a loss of availability.

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-943.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-880.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-881.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_bb33981a7ac611dabf7200123f589060.nasl - Type : ACT_GATHER_INFO
2006-01-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-222-1.nasl - Type : ACT_GATHER_INFO
2006-01-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-222-2.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-225.nasl - Type : ACT_GATHER_INFO
2005-12-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-880.nasl - Type : ACT_GATHER_INFO
2005-12-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-881.nasl - Type : ACT_GATHER_INFO
2005-12-30 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2005_071.nasl - Type : ACT_GATHER_INFO
2005-12-15 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1144.nasl - Type : ACT_GATHER_INFO
2005-12-15 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1145.nasl - Type : ACT_GATHER_INFO
2005-12-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200512-01.nasl - Type : ACT_GATHER_INFO
2005-12-07 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1113.nasl - Type : ACT_GATHER_INFO
2005-12-07 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1116.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
BID http://www.securityfocus.com/bid/15629
BUGTRAQ http://www.securityfocus.com/archive/1/418333/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CERT-VN http://www.kb.cert.org/vuls/id/948385
CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
CONFIRM ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.ipcop.org/index.php?name=News&file=article&sid=41
DEBIAN http://www.debian.org/security/2006/dsa-943
FEDORA https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008...
FULLDISC http://marc.info/?l=full-disclosure&m=113342788118630&w=2
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
HP http://www.securityfocus.com/archive/1/438726/100/0/threaded
MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
MISC http://www.dyadsecurity.com/perl-0002.html
OPENBSD http://www.openbsd.org/errata37.html#perl
OPENPKG http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
OSVDB http://www.osvdb.org/21345
http://www.osvdb.org/22255
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2005-880.html
http://www.redhat.com/support/errata/RHSA-2005-881.html
SECUNIA http://secunia.com/advisories/17762
http://secunia.com/advisories/17802
http://secunia.com/advisories/17844
http://secunia.com/advisories/17941
http://secunia.com/advisories/17952
http://secunia.com/advisories/17993
http://secunia.com/advisories/18075
http://secunia.com/advisories/18183
http://secunia.com/advisories/18187
http://secunia.com/advisories/18295
http://secunia.com/advisories/18413
http://secunia.com/advisories/18517
http://secunia.com/advisories/19041
http://secunia.com/advisories/20894
http://secunia.com/advisories/23155
http://secunia.com/advisories/31208
SGI ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
SUSE http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.novell.com/linux/security/advisories/2005_71_perl.html
TRUSTIX http://www.trustix.org/errata/2005/0070
UBUNTU https://usn.ubuntu.com/222-1/
VUPEN http://www.vupen.com/english/advisories/2005/2688
http://www.vupen.com/english/advisories/2006/0771
http://www.vupen.com/english/advisories/2006/2613
http://www.vupen.com/english/advisories/2006/4750

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2020-05-23 00:17:03
  • Multiple Updates
2018-10-19 21:19:41
  • Multiple Updates
2018-10-05 17:19:28
  • Multiple Updates
2018-10-04 00:19:26
  • Multiple Updates
2017-10-11 09:23:36
  • Multiple Updates
2016-10-18 12:01:51
  • Multiple Updates
2016-06-28 15:26:56
  • Multiple Updates
2016-04-26 14:00:24
  • Multiple Updates
2014-02-17 10:33:45
  • Multiple Updates
2013-05-11 11:35:57
  • Multiple Updates