CVE-2005-3962
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.6%
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Affected configurations
References
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
docs.info.apple.com/article.html?artnum=304829
lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
marc.info/?l=full-disclosure&m=113342788118630&w=2
secunia.com/advisories/17762
secunia.com/advisories/17802
secunia.com/advisories/17844
secunia.com/advisories/17941
secunia.com/advisories/17952
secunia.com/advisories/17993
secunia.com/advisories/18075
secunia.com/advisories/18183
secunia.com/advisories/18187
secunia.com/advisories/18295
secunia.com/advisories/18413
secunia.com/advisories/18517
secunia.com/advisories/19041
secunia.com/advisories/20894
secunia.com/advisories/23155
secunia.com/advisories/31208
sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
support.avaya.com/elmodocs2/security/ASA-2006-081.htm
www.debian.org/security/2006/dsa-943
www.dyadsecurity.com/perl-0002.html
www.gentoo.org/security/en/glsa/glsa-200512-01.xml
www.ipcop.org/index.php?name=News&file=article&sid=41
www.kb.cert.org/vuls/id/948385
www.mandriva.com/security/advisories?name=MDKSA-2005:225
www.novell.com/linux/security/advisories/2005_29_sr.html
www.novell.com/linux/security/advisories/2005_71_perl.html
www.openbsd.org/errata37.html#perl
www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
www.osvdb.org/21345
www.osvdb.org/22255
www.redhat.com/support/errata/RHSA-2005-880.html
www.redhat.com/support/errata/RHSA-2005-881.html
www.securityfocus.com/archive/1/418333/100/0/threaded
www.securityfocus.com/archive/1/438726/100/0/threaded
www.securityfocus.com/bid/15629
www.trustix.org/errata/2005/0070
www.us-cert.gov/cas/techalerts/TA06-333A.html
www.vupen.com/english/advisories/2005/2688
www.vupen.com/english/advisories/2006/0771
www.vupen.com/english/advisories/2006/2613
www.vupen.com/english/advisories/2006/4750
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
usn.ubuntu.com/222-1/
www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.6%