Vulners
Lucene search
MiracleLinux 3 : perl-5.8.8-40.0.1.AXS3 (AXSA:2013-340:01)
| Reporter | Title | Published | Views | Family All 235 |
|---|---|---|---|---|
 | Perl 5 Memory Corruption Vulnerability | 27 Oct 201200:00 | – | zdt |
| TWiki 5.1.2 Command Execution Vulnerability | 15 Dec 201200:00 | – | zdt |
| Foswiki 1.0.10 / 1.1.6 Code Injection / Denial Of Service | 18 Dec 201200:00 | – | zdt |
| Foswiki MAKETEXT Remote Command Execution Vulnerability | 23 Dec 201200:00 | – | zdt |
| TWiki MAKETEXT Remote Command Execution Vulnerability | 23 Dec 201200:00 | – | zdt |
| Foswiki MAKETEXT 1.1.7 / 1.0.10 Code Execution Vulnerability | 20 Feb 201300:00 | – | zdt |
 | perl -- denial of service via algorithmic complexity attack on hashing routines | 4 Mar 201300:00 | – | freebsd |
 | Security fix for the ALT Linux 6 package perl version 1:5.12.5-alt1.M60P.1 | 10 Nov 201200:00 | – | altlinux |
| Security fix for the ALT Linux 7 package perl version 1:5.16.3-alt1 | 12 Mar 201300:00 | – | altlinux |
 | AIX Perl Advisory : perl_advisory4.asc | 28 Apr 201400:00 | – | nessus |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2013-340:01.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(289365);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/10");
script_cve_id(
"CVE-2012-5195",
"CVE-2012-5526",
"CVE-2012-6329",
"CVE-2013-1667"
);
script_name(english:"MiracleLinux 3 : perl-5.8.8-40.0.1.AXS3 (AXSA:2013-340:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2013-340:01 advisory.
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at
handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality
and efficiency. While it is used to do a lot of different things, Perl's most common applications are
system administration utilities and web programming. A large proportion of the CGI scripts on the web are
written in Perl. You need the perl package installed on your system so that your system can handle Perl
scripts.
Install this package if you want to program in Perl or enable your system to handle Perl scripts.
Security issues fixed with this release:
CVE-2012-5195
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x
before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service
(memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
CVE-2012-5526
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers,
which might allow remote attackers to inject arbitrary headers into responses from applications that use
CGI.pm.
CVE-2012-6329
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not
properly handle backslashes and fully qualified method names during compilation of bracket notation, which
allows context-dependent attackers to execute arbitrary commands via crafted input to an application that
accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the
Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
CVE-2013-1667
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of
service (memory consumption and crash) via a crafted hash key.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/3987");
script_set_attribute(attribute:"solution", value:
"Update the affected perl and / or perl-suidperl packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1667");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"d2_elliot_name", value:"TWiki 5.1.2 RCE");
script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"High");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/26");
script_set_attribute(attribute:"patch_publication_date", value:"2013/04/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:perl-suidperl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '3',
'pkgs': [
{'reference':'perl-5.8.8-40.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'perl-suidperl-5.8.8-40.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'perl / perl-suidperl');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Feb 2026 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 27.5
EPSS0.81971