Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Perl: Multiple vulnerabilities
Informations
Name GLSA-201311-17 First vendor Publication 2013-11-28
Vendor Gentoo Last vendor Modification 2013-11-28
Severity (Vendor) High Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities were found in Perl, the worst of which could allow a local attacker to cause a Denial of Service condition.

Background

Perl is Larry Wall's Practical Extraction and Report Language.

Description

Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.

Impact

A local attacker could cause a Denial of Service condition or perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. A context-dependent attacker could cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Perl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/perl-5.12.3-r1"

References

[ 1 ] CVE-2008-5302 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5302
[ 2 ] CVE-2008-5303 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5303
[ 3 ] CVE-2010-1158 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1158
[ 4 ] CVE-2011-0761 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0761
[ 5 ] CVE-2011-1487 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1487

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201311-17.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201311-17.xml

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-362 Race Condition
25 % CWE-264 Permissions, Privileges, and Access Controls
25 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11076
 
Oval ID: oval:org.mitre.oval:def:11076
Title: Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Description: Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5302
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13047
 
Oval ID: oval:org.mitre.oval:def:13047
Title: DSA-2265-1 perl -- lack of tainted flag propagation
Description: Mark Martinec discovered that Perl incorrectly clears the tainted flag on values returned by case conversion functions such as "lc". This may expose preexisting vulnerabilities in applications which use these functions while processing untrusted input. No such applications are known at this stage. Such applications will cease to work when this security update is applied because taint checks are designed to prevent such unsafe use of untrusted input data.
Family: unix Class: patch
Reference(s): DSA-2265-1
CVE-2011-1487
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13257
 
Oval ID: oval:org.mitre.oval:def:13257
Title: USN-700-2 -- perl regression
Description: USN-700-1 fixed vulnerabilities in Perl. Due to problems with the Ubuntu 8.04 build, some Perl .ph files were missing from the resulting update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module�s rmtree function. If a local attacker successfully raced another user�s call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module�s rmtree function. If a local attacker successfully raced another user�s call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue
Family: unix Class: patch
Reference(s): USN-700-2
CVE-2007-4829
CVE-2008-1927
CVE-2008-5302
CVE-2008-5303
 Version: 5
Platform(s): Ubuntu 8.04
 Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13932
 
Oval ID: oval:org.mitre.oval:def:13932
Title: USN-1129-1 -- perl vulnerabilities
Description: perl: Larry Wall�s Practical Extraction and Report Language An attacker could send crafted input to Perl and bypass intended restrictions.
Family: unix Class: patch
Reference(s): USN-1129-1
CVE-2010-1168
CVE-2010-1447
CVE-2010-2761
CVE-2010-4411
CVE-2010-4410
CVE-2011-1487
 Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 6.06
Ubuntu 10.04
 Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21014
 
Oval ID: oval:org.mitre.oval:def:21014
Title: USN-700-1 -- libarchive-tar-perl, perl vulnerabilities
Description: Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives.
Family: unix Class: patch
Reference(s): USN-700-1
CVE-2007-4829
CVE-2008-1927
CVE-2008-5302
CVE-2008-5303
 Version: 5
Platform(s): Ubuntu 6.06
Ubuntu 7.10
Ubuntu 8.04
Ubuntu 8.10
 Product(s): libarchive-tar-perl
perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21868
 
Oval ID: oval:org.mitre.oval:def:21868
Title: RHSA-2011:0558: perl security and bug fix update (Moderate)
Description: The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Family: unix Class: patch
Reference(s): RHSA-2011:0558-01
CVE-2010-2761
CVE-2010-4410
CVE-2011-1487
 Version: 42
Platform(s): Red Hat Enterprise Linux 6
 Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23460
 
Oval ID: oval:org.mitre.oval:def:23460
Title: ELSA-2011:0558: perl security and bug fix update (Moderate)
Description: The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Family: unix Class: patch
Reference(s): ELSA-2011:0558-01
CVE-2010-2761
CVE-2010-4410
CVE-2011-1487
 Version: 17
Platform(s): Oracle Linux 6
 Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27690
 
Oval ID: oval:org.mitre.oval:def:27690
Title: DEPRECATED: ELSA-2011-0558 -- perl security and bug fix update (moderate)
Description: [5.10.1-119] - 692862 - lc launders tainted flag, CVE-2011-1487 - make SOURCE1 executable, because it missed +x in brew - Resolves: rhbz#692862 [5.10.1-118] - Correct perl-5.10.1-rt77352.patch - Related: rhbz#640720 [5.10.1-117] - 671352 CGI-3.51 security update - Resolves: rhbz#671352 [5.10.1-116] - require Digest::SHA 640716 - remove removal of NDBM 640729 - remove unsupported option fork from prove's documentation 609492 - Thread desctructor leaks 640720 - update threads to 1.82 (bugfixes releases) 626330 - remove unused patches from cvs - Resolves: rhbz#640729, rhbz#640716, rhbz#609492, rhbz#640720, rhbz#626330
Family: unix Class: patch
Reference(s): ELSA-2011-0558
CVE-2010-2761
CVE-2010-4410
CVE-2011-1487
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28121
 
Oval ID: oval:org.mitre.oval:def:28121
Title: DEPRECATED: ELSA-2010-0458 -- perl security update (moderate)
Description: [4:5.8.8-32.el5.1] - third version of patch fix change of behaviour of rmtree for common user - Resolves: rhbz#597203 [4:5.8.8-32.el5] - rhbz#595416 change documentation of File::Path - Related: rhbz#591167 [4:5.8.8-31.el5] - remove previous fix - Related: rhbz#591167 [4:5.8.8-30.el5] - change config to file on Util.so - Related: rhbz#594406 [4:5.8.8-29.el5] - CVE-2008-5302 - use latest patch without Cwd module - 507378 because of our paths we need to overload old Util.so in case customer installed Scalar::Util from cpan. In this case we marked new Util.so as .rpmnew. - Related: rhbz#591167 - Resolves: rhbz#594406 [4:5.8.8-28.el5] - CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1 - CVE-2010-1168 perl Safe: Intended restriction bypass via object references - CVE-2010-1447 Safe 2.26 and earlier: Intended restriction bypass via Perl object references in code executed outside safe compartment - Related: rhbz#591167
Family: unix Class: patch
Reference(s): ELSA-2010-0458
CVE-2010-1168
CVE-2010-1447
CVE-2008-5302
CVE-2008-5303
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6680
 
Oval ID: oval:org.mitre.oval:def:6680
Title: VMware ESX,Service Console update for perl.
Description: Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5303
 Version: 5
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6890
 
Oval ID: oval:org.mitre.oval:def:6890
Title: VMware ESX,Service Console update for perl.
Description: Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5302
 Version: 5
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9699
 
Oval ID: oval:org.mitre.oval:def:9699
Title: Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Description: Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5303
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 49

OpenVAS Exploits

Date Description
2012-07-09 Name : RedHat Update for perl RHSA-2011:0558-01
File : nvt/gb_RHSA-2011_0558-01_perl.nasl
2011-08-09 Name : CentOS Update for perl CESA-2010:0458 centos5 i386
File : nvt/gb_CESA-2010_0458_perl_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2265-1 (perl)
File : nvt/deb_2265_1.nasl
2011-05-23 Name : Mandriva Update for perl MDVSA-2011:091 (perl)
File : nvt/gb_mandriva_MDVSA_2011_091.nasl
2011-05-23 Name : Perl Denial of Service Vulnerability (Windows)
File : nvt/gb_perl_dos_vuln_win.nasl
2011-05-10 Name : Ubuntu Update for perl USN-1129-1
File : nvt/gb_ubuntu_USN_1129_1.nasl
2011-04-29 Name : Fedora Update for perl FEDORA-2011-4918
File : nvt/gb_fedora_2011_4918_perl_fc13.nasl
2011-04-22 Name : Perl Laundering Security Bypass Vulnerability (Windows)
File : nvt/gb_perl_sec_bypass_vuln.nasl
2011-04-19 Name : Fedora Update for perl FEDORA-2011-4610
File : nvt/gb_fedora_2011_4610_perl_fc14.nasl
2010-06-15 Name : Mandriva Update for perl MDVSA-2010:116 (perl)
File : nvt/gb_mandriva_MDVSA_2010_116.nasl
2010-06-11 Name : RedHat Update for perl RHSA-2010:0458-02
File : nvt/gb_RHSA-2010_0458-02_perl.nasl
2010-05-12 Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-04-16 Name : Mandriva Update for timezone MDVA-2010:116 (timezone)
File : nvt/gb_mandriva_MDVA_2010_116.nasl
2009-06-05 Name : Ubuntu USN-698-1 (nagios)
File : nvt/ubuntu_698_1.nasl
2009-02-18 Name : SuSE Security Summary SUSE-SR:2009:004
File : nvt/suse_sr_2009_004.nasl
2009-01-20 Name : Ubuntu USN-700-2 (perl)
File : nvt/ubuntu_700_2.nasl
2008-12-29 Name : Debian Security Advisory DSA 1678-2 (perl)
File : nvt/deb_1678_2.nasl
2008-12-29 Name : Ubuntu USN-700-1 (perl)
File : nvt/ubuntu_700_1.nasl
2008-12-10 Name : Debian Security Advisory DSA 1678-1 (perl)
File : nvt/deb_1678_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75047 Perl Multiple Function Taint Protection Mechanism Bypass
74175 Perl Multiple Function Call Argument Injection NULL Dereference DoS
64082 Perl RegEx String Handling Overflow DoS
50446 Perl File::Path (lib/File/Path.pm) rmtree Function Symlink Arbitrary File Del...

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0013_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_perl-58_20131015.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_perl-110506.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_perl-110506.nasl - Type : ACT_GATHER_INFO
2013-11-29 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201311-17.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0458.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110519_perl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100607_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_perl-7507.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2265.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1129-1.nasl - Type : ACT_GATHER_INFO
2011-05-20 Name : The remote host is missing the patch for the advisory RHSA-2011-0558
File : redhat-RHSA-2011-0558.nasl - Type : ACT_GATHER_INFO
2011-05-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-091.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_perl-110506.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_perl-7508.nasl - Type : ACT_GATHER_INFO
2011-05-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_perl-110506.nasl - Type : ACT_GATHER_INFO
2011-04-25 Name : The remote Fedora host is missing a security update.
File : fedora_2011-4918.nasl - Type : ACT_GATHER_INFO
2011-04-18 Name : The remote Fedora host is missing a security update.
File : fedora_2011-4631.nasl - Type : ACT_GATHER_INFO
2011-04-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-4610.nasl - Type : ACT_GATHER_INFO
2010-09-02 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0013.nasl - Type : ACT_GATHER_INFO
2010-06-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-116.nasl - Type : ACT_GATHER_INFO
2010-06-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0458.nasl - Type : ACT_GATHER_INFO
2010-06-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0458.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_perl-090128.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_perl-090128.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-700-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-700-2.nasl - Type : ACT_GATHER_INFO
2008-12-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1678.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:37:55
  • Multiple Updates
2013-11-28 13:18:21
  • First insertion