Lucene search
Copyright (C) 2012 Greenbone AGOPENVAS:1361412562310841232HistoryDec 04, 2012 - 12:00 a.m.
Ubuntu: Security Advisory (USN-1643-1)
2012-12-0400:00:00
Copyright (C) 2012 Greenbone AG
plugins.openvas.org
20
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.5%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.841232");
script_cve_id("CVE-2011-2939", "CVE-2011-3597", "CVE-2012-5195", "CVE-2012-5526");
script_tag(name:"creation_date", value:"2012-12-04 04:18:16 +0000 (Tue, 04 Dec 2012)");
script_version("2024-02-02T05:06:04+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Ubuntu: Security Advisory (USN-1643-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(10\.04\ LTS|11\.10|12\.04\ LTS|12\.10|8\.04\ LTS)");
script_xref(name:"Advisory-ID", value:"USN-1643-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-1643-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'perl' package(s) announced via the USN-1643-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that the decode_xs function in the Encode module is
vulnerable to a heap-based buffer overflow via a crafted Unicode string.
An attacker could use this overflow to cause a denial of service.
(CVE-2011-2939)
It was discovered that the 'new' constructor in the Digest module is
vulnerable to an eval injection. An attacker could use this to execute
arbitrary code. (CVE-2011-3597)
It was discovered that Perl's 'x' string repeat operator is vulnerable
to a heap-based buffer overflow. An attacker could use this to execute
arbitrary code. (CVE-2012-5195)
Ryo Anazawa discovered that the CGI.pm module does not properly escape
newlines in Set-Cookie or P3P (Platform for Privacy Preferences Project)
headers. An attacker could use this to inject arbitrary headers into
responses from applications that use CGI.pm. (CVE-2012-5526)");
script_tag(name:"affected", value:"'perl' package(s) on Ubuntu 8.04, Ubuntu 10.04, Ubuntu 11.10, Ubuntu 12.04, Ubuntu 12.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU10.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"perl", ver:"5.10.1-8ubuntu2.2", rls:"UBUNTU10.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU11.10") {
if(!isnull(res = isdpkgvuln(pkg:"perl", ver:"5.12.4-4ubuntu0.1", rls:"UBUNTU11.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU12.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"perl", ver:"5.14.2-6ubuntu2.2", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU12.10") {
if(!isnull(res = isdpkgvuln(pkg:"perl", ver:"5.14.2-13ubuntu0.1", rls:"UBUNTU12.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU8.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"perl", ver:"5.8.8-12ubuntu0.7", rls:"UBUNTU8.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
securityvulns
securityvulns
[USN-1643-1] Perl vulnerabilities
2012-12-02 00:00:00
perl multiple security vulnerabilities
2012-12-02 00:00:00
perl security vulnerabilities
2012-01-20 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerabilities (USN-1643-1)
2012-11-30 00:00:00
Oracle Linux 6 : perl (ELSA-2011-1424)
2013-07-12 00:00:00
RHEL 6 : perl (RHSA-2011:1424)
2011-11-04 00:00:00
openvas
openvas
Ubuntu Update for perl USN-1643-1
2012-12-04 00:00:00
Debian: Security Advisory (DSA-2586-1)
2013-09-18 00:00:00
RedHat Update for perl RHSA-2011:1424-01
2012-07-09 00:00:00
ubuntu
ubuntu
Perl vulnerabilities
2012-11-30 00:00:00
redhat
redhat
(RHSA-2011:1424) Moderate: perl security update
2011-11-03 00:00:00
(RHSA-2013:0685) Moderate: perl security update
2013-03-26 00:00:00
(RHSA-2011:1797) Moderate: perl security update
2011-12-08 00:00:00
osv
osv
perl - several
2012-12-11 00:00:00
debian
debian
[SECURITY] [DSA 2586-1] perl security update
2012-12-11 19:11:09
[SECURITY] [DSA 2587-1] libcgi-pm-perl security update
2012-12-11 20:35:49
oraclelinux
oraclelinux
perl security update
2011-11-03 00:00:00
perl security update
2013-03-26 00:00:00
perl security update
2011-12-08 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: perl-5.12.4-147.fc14
2011-11-03 00:22:52
[SECURITY] Fedora 18 Update: perl-CGI-3.51-10.fc18
2012-11-23 07:54:22
[SECURITY] Fedora 17 Update: perl-CGI-3.52-218.fc17
2012-12-13 05:55:07
amazon
amazon
Medium: perl
2011-11-09 21:48:00
Medium: perl
2013-04-04 11:10:00
f5
f5
centos
centos
perl security update
2013-03-26 21:05:02
perl security update
2011-12-09 08:14:32
veracode
veracode
Memory Corruption
2019-05-02 04:54:30
Privilege Escalation
2019-05-02 04:54:30
HTTP Header Injection
2019-05-02 04:54:30
gentoo
gentoo
Perl, Locale Maketext Perl module: Multiple vulnerabilities
2014-01-19 00:00:00
Perl Digest-Base module: Arbitrary code execution
2014-01-29 00:00:00
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2012-11-21 23:55:00
Heap overflow
2012-01-13 18:55:00
Sql injection
2012-01-13 18:55:00
cve
cve
debiancve
debiancve
altlinux
altlinux
Security fix for the ALT Linux 7 package perl version 1:5.14.2-alt4
2012-01-20 00:00:00
Security fix for the ALT Linux 6 package perl version 1:5.12.5-alt1.M60P.1
2012-11-10 00:00:00
aix
aix
Perl Digest Module Digest->new() Code Injection
2011-11-22 15:00:14
seebug
seebug
suse
suse
update for perl (important)
2013-03-20 14:04:22
update for perl (important)
2013-03-20 11:05:11
Security update for Perl (important)
2013-03-13 00:05:35
vmware
vmware
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
VMware vSphere and vCOps updates to third party libraries
2012-08-30 00:00:00
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.5%
Related for OPENVAS:1361412562310841232