Executive Summary

Informations
Name CVE-2013-1667 First vendor Publication 2013-03-13
Vendor Cve Last vendor Modification 2017-09-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18107
 
Oval ID: oval:org.mitre.oval:def:18107
Title: DSA-2641-1 perl - rehashing flaw
Description: Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.
Family: unix Class: patch
Reference(s): DSA-2641-1
CVE-2013-1667
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18257
 
Oval ID: oval:org.mitre.oval:def:18257
Title: USN-1770-1 -- perl vulnerability
Description: Perl could be made to stop responding if it received specially crafted input.
Family: unix Class: patch
Reference(s): USN-1770-1
CVE-2013-1667
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18771
 
Oval ID: oval:org.mitre.oval:def:18771
Title: HP-UX running perl, Remote Denial of Service (DoS)
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1667
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20923
 
Oval ID: oval:org.mitre.oval:def:20923
Title: DEPRECATED: Security vulnerabilities in Perl for AIX
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1667
Version: 3
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20945
 
Oval ID: oval:org.mitre.oval:def:20945
Title: Security vulnerabilities in Perl for AIX
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1667
Version: 3
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20994
 
Oval ID: oval:org.mitre.oval:def:20994
Title: RHSA-2013:0685: perl security update (Moderate)
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: patch
Reference(s): RHSA-2013:0685-01
CESA-2013:0685
CVE-2012-5195
CVE-2012-5526
CVE-2012-6329
CVE-2013-1667
Version: 59
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23419
 
Oval ID: oval:org.mitre.oval:def:23419
Title: DEPRECATED: ELSA-2013:0685: perl security update (Moderate)
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: patch
Reference(s): ELSA-2013:0685-01
CVE-2012-5195
CVE-2012-5526
CVE-2012-6329
CVE-2013-1667
Version: 22
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23712
 
Oval ID: oval:org.mitre.oval:def:23712
Title: ELSA-2013:0685: perl security update (Moderate)
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: patch
Reference(s): ELSA-2013:0685-01
CVE-2012-5195
CVE-2012-5526
CVE-2012-6329
CVE-2013-1667
Version: 21
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29021
 
Oval ID: oval:org.mitre.oval:def:29021
Title: DSA-2641-2 -- perl -- rehashing flaw
Description: Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.
Family: unix Class: patch
Reference(s): DSA-2641-2
CVE-2013-1667
Version: 3
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): perl
libapache2-mod-perl2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 61

Nessus® Vulnerability Scanner

Date Description
2016-06-22 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0076.nasl - Type : ACT_GATHER_INFO
2015-09-16 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15867.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_perl-58_20130521.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_perl-516_20130521.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_perl-512_20130521.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0746.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-225.nasl - Type : ACT_GATHER_INFO
2014-01-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-11.nasl - Type : ACT_GATHER_INFO
2013-10-23 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_9.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-177.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0685.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-113.nasl - Type : ACT_GATHER_INFO
2013-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3673.nasl - Type : ACT_GATHER_INFO
2013-03-28 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130326_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0685.nasl - Type : ACT_GATHER_INFO
2013-03-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0685.nasl - Type : ACT_GATHER_INFO
2013-03-22 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3436.nasl - Type : ACT_GATHER_INFO
2013-03-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1770-1.nasl - Type : ACT_GATHER_INFO
2013-03-15 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-072-01.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_perl-130301.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_perl-8479.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_68c1f75b882411e29996c48508086173.nasl - Type : ACT_GATHER_INFO
2013-03-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2641.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BID http://www.securityfocus.com/bid/58311
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5
http://perl5.git.perl.org/perl.git/commitdiff/9d83adc
http://perl5.git.perl.org/perl.git/commitdiff/d59e31f
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546....
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094
DEBIAN http://www.debian.org/security/2013/dsa-2641
HP http://marc.info/?l=bugtraq&m=137891988921058&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
https://bugzilla.redhat.com/show_bug.cgi?id=912276
MLIST http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
OSVDB http://osvdb.org/90892
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://rhn.redhat.com/errata/RHSA-2013-0685.html
SECUNIA http://secunia.com/advisories/52472
http://secunia.com/advisories/52499
UBUNTU http://www.ubuntu.com/usn/USN-1770-1
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/82598

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Date Informations
2020-05-23 00:36:35
  • Multiple Updates
2019-03-19 12:05:35
  • Multiple Updates
2017-09-19 09:25:54
  • Multiple Updates
2017-08-29 09:24:13
  • Multiple Updates
2016-12-08 09:23:26
  • Multiple Updates
2016-12-03 09:23:53
  • Multiple Updates
2016-09-09 09:23:16
  • Multiple Updates
2016-06-28 19:22:46
  • Multiple Updates
2016-06-23 13:29:27
  • Multiple Updates
2016-04-26 22:59:22
  • Multiple Updates
2015-09-17 13:23:32
  • Multiple Updates
2015-01-21 13:26:05
  • Multiple Updates
2014-11-08 13:30:40
  • Multiple Updates
2014-06-14 13:34:55
  • Multiple Updates
2014-02-17 11:18:05
  • Multiple Updates
2014-02-07 13:20:19
  • Multiple Updates
2014-01-23 21:20:47
  • Multiple Updates
2014-01-17 13:19:30
  • Multiple Updates
2013-12-05 17:19:53
  • Multiple Updates
2013-10-31 13:20:00
  • Multiple Updates
2013-05-16 17:03:15
  • Multiple Updates
2013-05-10 22:29:52
  • Multiple Updates
2013-04-11 13:21:05
  • Multiple Updates
2013-03-21 00:18:58
  • Multiple Updates
2013-03-16 18:31:06
  • First insertion