SOL5794 - Security Advisory: Perl integer sign error in format string processing - CVE-2005-3962

Although F5 Networks products contain versions of Perl that are subject to this vulnerability, this vulnerability can only be exploited by an attacker that has root access. As a result, F5 Networks products are not considered vulnerable.

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Information about this advisory is available at the following location:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962&gt;