Executive Summary

Summary
Title: libapache2-mod-perl2 update related to DSA 2641-1
Information
Name: DSA-2641
First vendor Publication: 2013-03-09
Vendor: Debian
Last vendor Modification: 2013-03-20
Severity (Vendor): N/A
Revision: 2

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Cvss Impact Score: 6.4
Cvss Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

The security fix applied to the perl package due to CVE-2013-1667 introduced a test failure in the libapache2-mod-perl2 source package, specific to the rehash mechanism in Perl. See Debian Bug #702821 for details. This update fixes that problem. For reference, the original advisory text for perl follows.

Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.

For the stable distribution (squeeze), this problem has been fixed in version 2.0.4-7+squeeze1.

For the testing distribution (wheezy) this problem has been fixed in version 2.0.7-3.

For the unstable distribution (sid), this problem has been fixed in version 2.0.7-3.

Original Source

Url : http://www.debian.org/security/2013/dsa-2641

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:18107
Title: DSA-2641-1 perl - rehashing flaw
Description: Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.
Family: unix Class: patch
Reference(s): DSA-2641-1
CVE-2013-1667
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): perl
 
Oval ID: oval:org.mitre.oval:def:18257
Title: USN-1770-1 -- perl vulnerability
Description: Perl could be made to stop responding if it received specially crafted input.
Family: unix Class: patch
Reference(s): USN-1770-1
CVE-2013-1667
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): perl
 
Oval ID: oval:org.mitre.oval:def:18771
Title: HP-UX running perl, Remote Denial of Service (DoS)
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1667
Version: 12
Platform(s): HP-UX 11
Product(s):
 
Oval ID: oval:org.mitre.oval:def:20923
Title: DEPRECATED: Security vulnerabilities in Perl for AIX
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1667
Version: 3
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
 
Oval ID: oval:org.mitre.oval:def:20945
Title: Security vulnerabilities in Perl for AIX
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1667
Version: 3
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
 
Oval ID: oval:org.mitre.oval:def:20994
Title: RHSA-2013:0685: perl security update (Moderate)
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: patch
Reference(s): RHSA-2013:0685-01
CESA-2013:0685
CVE-2012-5195
CVE-2012-5526
CVE-2012-6329
CVE-2013-1667
Version: 59
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): perl
 
Oval ID: oval:org.mitre.oval:def:23419
Title: DEPRECATED: ELSA-2013:0685: perl security update (Moderate)
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: patch
Reference(s): ELSA-2013:0685-01
CVE-2012-5195
CVE-2012-5526
CVE-2012-6329
CVE-2013-1667
Version: 22
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): perl
 
Oval ID: oval:org.mitre.oval:def:23712
Title: ELSA-2013:0685: perl security update (Moderate)
Description: The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Family: unix Class: patch
Reference(s): ELSA-2013:0685-01
CVE-2012-5195
CVE-2012-5526
CVE-2012-6329
CVE-2013-1667
Version: 21
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): perl
 
Oval ID: oval:org.mitre.oval:def:29021
Title: DSA-2641-2 -- perl -- rehashing flaw
Description: Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.
Family: unix Class: patch
Reference(s): DSA-2641-2
CVE-2013-1667
Version: 3
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): perl
libapache2-mod-perl2

CPE : Common Platform Enumeration

Type Description Count
Application 61

Nessus® Vulnerability Scanner

Date Description
2016-06-22 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0076.nasl - Type : ACT_GATHER_INFO
2015-09-16 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15867.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_perl-58_20130521.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_perl-516_20130521.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_perl-512_20130521.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0746.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-225.nasl - Type : ACT_GATHER_INFO
2014-01-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-11.nasl - Type : ACT_GATHER_INFO
2013-10-23 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_9.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-177.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0685.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-113.nasl - Type : ACT_GATHER_INFO
2013-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3673.nasl - Type : ACT_GATHER_INFO
2013-03-28 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130326_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0685.nasl - Type : ACT_GATHER_INFO
2013-03-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0685.nasl - Type : ACT_GATHER_INFO
2013-03-22 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3436.nasl - Type : ACT_GATHER_INFO
2013-03-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1770-1.nasl - Type : ACT_GATHER_INFO
2013-03-15 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-072-01.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_perl-130301.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_perl-8479.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_68c1f75b882411e29996c48508086173.nasl - Type : ACT_GATHER_INFO
2013-03-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2641.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:31:43
  • Multiple Updates
2013-03-21 00:19:48
  • Multiple Updates
2013-03-20 21:17:27
  • Multiple Updates
2013-03-16 18:31:53
  • Multiple Updates
2013-03-09 17:17:49
  • First insertion