Executive Summary
| Summary | |
|---|---|
| Title | New Net::Server packages fix denial of service |
| Informations | |||
|---|---|---|---|
| Name | DSA-1122 | First vendor Publication | 2005-07-24 |
| Vendor | Debian | Last vendor Modification | 2005-07-24 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Peter Bieringer discovered that the "log" function in the Net::Server Perl module, an extensible, general perl server engine, is not safe against format string exploits. The old stable distribution (woody) does not contain this package. For the stable distribution (sarge) this problem has been fixed in version 0.87-3sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.89-1. We recommend that you upgrade your libnet-server-perl package. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-1122 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for perl-Net-Server File : nvt/sles9p5020679.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200608-18 (net-server) File : nvt/glsa_200608_18.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1121-1 (postgrey) File : nvt/deb_1121_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1122-1 (libnet-server-perl) File : nvt/deb_1122_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 15517 | Net::Server Logging Function Format String DoS Postgrey contains a flaw that may allow a remote denial of service. The issue is due to a format string error in syslog/printf functions. By sending a mail with a specially crafted sender address, an attacker can crash the service, resulting in loss of availability for the platform. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_10270.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1121.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1122.nasl - Type : ACT_GATHER_INFO |
| 2006-08-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200608-18.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:26:01 |
|
