Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Perl vulnerability
Informations
Name USN-222-1 First vendor Publication 2005-12-02
Vendor Ubuntu Last vendor Modification 2005-12-02
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

perl-base

The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.5 (for Ubuntu 4.10), 5.8.4-6ubuntu1.1 (for Ubuntu 5.04), or 5.8.7-5ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program.

However, this attack was only possible in insecure Perl programs which use variables with user-defined values in string interpolations without checking their validity.

Original Source

Url : http://www.ubuntu.com/usn/USN-222-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10598
 
Oval ID: oval:org.mitre.oval:def:10598
Title: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Description: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Family: unix Class: vulnerability
Reference(s): CVE-2005-3962
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1074
 
Oval ID: oval:org.mitre.oval:def:1074
Title: Perl Format String Integer Overflow Vulnerability
Description: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Family: unix Class: vulnerability
Reference(s): CVE-2005-3962
Version: 1
Platform(s): Sun Solaris 10
Product(s): Perl
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

OpenVAS Exploits

Date Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for perl
File : nvt/sles9p5012473.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200512-01 (Perl)
File : nvt/glsa_200512_01.nasl
2008-09-04 Name : FreeBSD Ports: perl
File : nvt/freebsd_perl1.nasl
2008-01-17 Name : Debian Security Advisory DSA 943-1 (perl)
File : nvt/deb_943_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
22255 OpenBSD Perl Interpreter sprintf Function Local Overflow

A local overflow exists in Perl on OpenBSD. The interpreter can be used to cause a buffer overflow. No futher details have been provided.
21345 Perl Explicit Format Parameter Index Overflow

Perl contains a flaw that when handling a format string containing an explicit format parameter index that exceeds INT_MAX which can result in an illegal memory access. With a specially crafted request, an attacker can cause the crash of a Perl application resulting in a loss of availability.

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-943.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-880.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-881.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_bb33981a7ac611dabf7200123f589060.nasl - Type : ACT_GATHER_INFO
2006-01-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-222-1.nasl - Type : ACT_GATHER_INFO
2006-01-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-222-2.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-225.nasl - Type : ACT_GATHER_INFO
2005-12-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-880.nasl - Type : ACT_GATHER_INFO
2005-12-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-881.nasl - Type : ACT_GATHER_INFO
2005-12-30 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2005_071.nasl - Type : ACT_GATHER_INFO
2005-12-15 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1144.nasl - Type : ACT_GATHER_INFO
2005-12-15 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1145.nasl - Type : ACT_GATHER_INFO
2005-12-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200512-01.nasl - Type : ACT_GATHER_INFO
2005-12-07 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1113.nasl - Type : ACT_GATHER_INFO
2005-12-07 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-1116.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:03:09
  • Multiple Updates