ID OPENVAS:862299 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-12-14T00:00:00
Description
Check for the Version of perl
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for perl FEDORA-2010-11323
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Loaded before the description block. Nothing in the visible script calls
# into it directly; presumably required by pkg-lib-rpm.inc (TODO confirm).
include("revisions-lib.inc");
# Text registered as the finding's "insight" tag in the description block.
# NOTE(review): this is the generic description of the perl package. It says
# nothing about the two CVEs this plugin registers (CVE-2010-1168 and
# CVE-2010-1447, both Safe.pm restriction bypasses per their NVD entries), so
# a report built from it does not tell the operator what the update fixes.
tag_insight = "Perl is a high-level programming language with roots in C, sed, awk
and shell scripting. Perl is good at handling processes and files,
and is especially good at handling text. Perl's hallmarks are
practicality and efficiency. While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming. A large proportion of
the CGI scripts on the web are written in Perl. You need the perl
package installed on your system so that your system can handle Perl
scripts.
Install this package if you want to program in Perl or enable your
system to handle Perl scripts.";
# Remediation text. It names no package version; the build the check compares
# against is given in the isrpmvuln() call further down (perl~5.10.1~116.fc13).
tag_solution = "Please Install the Updated Packages.";
# Scope of the check: a single package on a single distribution release.
tag_affected = "perl on Fedora 13";
# Metadata pass: when the scanner loads the plugin with `description` set,
# only the registrations below run and the script stops at exit(0) before
# any host data is read.
if(description)
{
  # Advisory reference, plugin identity and revision bookkeeping.
  script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044979.html");
  script_id(862299);
  script_version("$Revision: 8109 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $");
  script_tag(name:"creation_date", value:"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)");

  # Severity: one CVSS v2 score and vector for the whole advisory, although
  # two CVEs are registered below. NOTE(review): the value equals the vector
  # NVD lists for CVE-2010-1447; CVE-2010-1168 is scored lower there (7.5).
  script_tag(name:"cvss_base", value:"8.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:C/I:C/A:C");

  # Cross-references used to correlate this finding with other feeds.
  script_xref(name:"FEDORA", value:"2010-11323");
  script_cve_id("CVE-2010-1168", "CVE-2010-1447");
  script_name("Fedora Update for perl FEDORA-2010-11323");
  script_tag(name:"summary", value:"Check for the Version of perl");

  # Scheduling: the plugin depends on gather-package-list.nasl and is only
  # run when both KB keys exist, i.e. it needs an authenticated SSH login
  # that produced an RPM list. Without credentials the host is not assessed
  # for this advisory at all.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");

  # Report texts defined at the top of the file.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);

  # qod_type "package": the evidence is the installed package version only.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
# Detection pass: compare the installed perl RPM with the build shipped in
# FEDORA-2010-11323. isrpmvuln() and __pkg_match come from pkg-lib-rpm.inc,
# which is not shown here.
include("pkg-lib-rpm.inc");

# Release identifier stored in the knowledge base; presumably written by the
# gather-package-list.nasl dependency (verify against that script).
release = get_kb_item("ssh/login/release");
res = "";

# No release recorded: nothing to compare against, so end without a result.
if(release == NULL)
{
  exit(0);
}

# Only Fedora 13 is handled; any other release falls through to the end of
# the script and produces no finding and no "not vulnerable" result.
if(release == "FC13")
{
  # The rpm argument is name~version~release. Presumably isrpmvuln() returns
  # report text when the installed package is older than that build and NULL
  # otherwise (TODO confirm in pkg-lib-rpm.inc).
  res = isrpmvuln(pkg:"perl", rpm:"perl~5.10.1~116.fc13", rls:"FC13");
  if(res != NULL)
  {
    # A hit means "update missing", not "exploitable": only the perl RPM's
    # version-release is compared; how Safe.pm is used on the host is not
    # examined.
    security_message(data:res);
    exit(0);
  }

  # Package seen and not flagged above: report "not vulnerable" (exit 99).
  if(__pkg_match)
  {
    exit(99);
  }

  exit(0);
}
{"id": "OPENVAS:862299", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for perl FEDORA-2010-11323", "description": "Check for the Version of perl", "published": "2010-08-06T00:00:00", "modified": "2017-12-14T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862299", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["2010-11323", "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044979.html"], "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "lastseen": "2017-12-14T11:48:40", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-12-14T11:48:40", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1447", "CVE-2010-1168"]}, {"type": "openvas", "idList": ["OPENVAS:870274", "OPENVAS:1361412562310863046", "OPENVAS:830972", "OPENVAS:1361412562310862299", "OPENVAS:831076", "OPENVAS:1361412562310862315", "OPENVAS:862315", "OPENVAS:1361412562310830972", "OPENVAS:1361412562310831076", "OPENVAS:1361412562310870274"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24049", "SECURITYVULNS:DOC:26304", "SECURITYVULNS:VULN:11649", "SECURITYVULNS:VULN:10923"]}, {"type": "redhat", "idList": ["RHSA-2010:0458", "RHSA-2010:0457"]}, {"type": "fedora", "idList": ["FEDORA:2ABEF111145", "FEDORA:3803711051E", "FEDORA:1C603110F4C"]}, {"type": "nessus", "idList": ["FEDORA_2010-11340.NASL", "ORACLELINUX_ELSA-2010-0457.NASL", "SUSE_11_PERL-100730.NASL", "FEDORA_2010-11323.NASL", "SUSE9_12628.NASL", "REDHAT-RHSA-2010-0457.NASL", "SUSE_PERL-7108.NASL", "SUSE_11_2_PERL-100730.NASL", "SUSE_11_1_PERL-100730.NASL", "MANDRIVA_MDVSA-2010-115.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0457", "ELSA-2010-0458"]}, {"type": "centos", "idList": ["CESA-2010:0458"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2267-1:6948E", 
"DEBIAN:BSA-005-:128F5"]}, {"type": "ubuntu", "idList": ["USN-1129-1"]}, {"type": "gentoo", "idList": ["GLSA-201110-22", "GLSA-201111-09"]}, {"type": "seebug", "idList": ["SSV:19652", "SSV:30015", "SSV:19754"]}, {"type": "vmware", "idList": ["VMSA-2010-0013"]}, {"type": "threatpost", "idList": ["THREATPOST:3C2288E116082B4098F488709A15B059"]}], "modified": "2017-12-14T11:48:40", "rev": 2}, "vulnersScore": 6.8}, "pluginID": "862299", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl FEDORA-2010-11323\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language with roots in C, sed, awk\n and shell scripting. Perl is good at handling processes and files,\n and is especially good at handling text. Perl's hallmarks are\n practicality and efficiency. While it is used to do a lot of\n different things, Perl's most common applications are system\n administration utilities and web programming. A large proportion of\n the CGI scripts on the web are written in Perl. 
You need the perl\n package installed on your system so that your system can handle Perl\n scripts.\n\n Install this package if you want to program in Perl or enable your\n system to handle Perl scripts.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044979.html\");\n script_id(862299);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11323\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_name(\"Fedora Update for perl FEDORA-2010-11323\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.1~116.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:57:23", "description": "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"", "edition": 3, "cvss3": {}, "published": "2010-06-21T16:30:00", "title": "CVE-2010-1168", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1168"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:rafael_garcia-suarez:safe:2.15", "cpe:/a:rafael_garcia-suarez:safe:2.11", "cpe:/a:rafael_garcia-suarez:safe:2.17", "cpe:/a:rafael_garcia-suarez:safe:2.23", "cpe:/a:rafael_garcia-suarez:safe:2.22", "cpe:/a:rafael_garcia-suarez:safe:2.14", "cpe:/a:rafael_garcia-suarez:safe:2.21", "cpe:/a:rafael_garcia-suarez:safe:2.20", "cpe:/a:rafael_garcia-suarez:safe:2.09", "cpe:/a:rafael_garcia-suarez:safe:2.16", "cpe:/a:rafael_garcia-suarez:safe:2.24", "cpe:/a:rafael_garcia-suarez:safe:2.08", "cpe:/a:rafael_garcia-suarez:safe:2.13", "cpe:/a:rafael_garcia-suarez:safe:2.19", "cpe:/a:rafael_garcia-suarez:safe:2.18"], "id": "CVE-2010-1168", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1168", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:rafael_garcia-suarez:safe:2.17:*:*:*:*:*:*:*", 
"cpe:2.3:a:rafael_garcia-suarez:safe:2.20:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.16:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.19:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.15:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.23:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.14:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.13:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.21:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.22:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.24:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.09:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.18:*:*:*:*:*:*:*", "cpe:2.3:a:rafael_garcia-suarez:safe:2.08:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:24", "description": "The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.", "edition": 3, "cvss3": {}, "published": "2010-05-19T18:30:00", "title": "CVE-2010-1447", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1447"], 
"modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:postgresql:postgresql:7.4", "cpe:/a:postgresql:postgresql:7.4.6", "cpe:/a:postgresql:postgresql:8.2.14", "cpe:/a:postgresql:postgresql:8.0.15", "cpe:/a:postgresql:postgresql:8.0.3", "cpe:/a:postgresql:postgresql:8.1.13", "cpe:/a:postgresql:postgresql:7.4.10", "cpe:/a:postgresql:postgresql:8.1.14", "cpe:/a:postgresql:postgresql:8.2.4", "cpe:/a:postgresql:postgresql:8.1.7", "cpe:/a:postgresql:postgresql:8.2", "cpe:/a:postgresql:postgresql:8.1.17", "cpe:/a:postgresql:postgresql:8.3.7", "cpe:/a:postgresql:postgresql:8.1.12", "cpe:/a:postgresql:postgresql:8.3.1", "cpe:/a:postgresql:postgresql:8.0.1", "cpe:/a:postgresql:postgresql:7.4.15", "cpe:/a:postgresql:postgresql:7.4.28", "cpe:/a:postgresql:postgresql:8.0.4", "cpe:/a:postgresql:postgresql:8.0.7", "cpe:/a:postgresql:postgresql:8.1.8", "cpe:/a:postgresql:postgresql:8.2.2", "cpe:/a:postgresql:postgresql:8.0.24", "cpe:/a:postgresql:postgresql:7.4.27", "cpe:/a:postgresql:postgresql:8.2.10", "cpe:/a:postgresql:postgresql:8.2.3", "cpe:/a:postgresql:postgresql:8.2.1", "cpe:/a:postgresql:postgresql:7.4.23", "cpe:/a:postgresql:postgresql:8.0.10", "cpe:/a:postgresql:postgresql:8.1.0", "cpe:/a:postgresql:postgresql:8.2.15", "cpe:/a:postgresql:postgresql:8.0.19", "cpe:/a:postgresql:postgresql:8.0.14", "cpe:/a:postgresql:postgresql:8.2.6", "cpe:/a:postgresql:postgresql:8.1.20", "cpe:/a:postgresql:postgresql:8.2.11", "cpe:/a:postgresql:postgresql:8.1.11", "cpe:/a:postgresql:postgresql:8.0.18", "cpe:/a:postgresql:postgresql:7.4.22", "cpe:/a:postgresql:postgresql:8.3.6", "cpe:/a:postgresql:postgresql:8.2.7", "cpe:/a:postgresql:postgresql:8.2.8", "cpe:/a:postgresql:postgresql:8.0.13", "cpe:/a:postgresql:postgresql:8.3", "cpe:/a:postgresql:postgresql:7.4.2", "cpe:/a:postgresql:postgresql:8.3.8", "cpe:/a:postgresql:postgresql:8.2.5", "cpe:/a:postgresql:postgresql:8.1.10", "cpe:/a:postgresql:postgresql:8.4.3", "cpe:/a:postgresql:postgresql:8.1.19", "cpe:/a:postgresql:postgresql:7.4.9", 
"cpe:/a:postgresql:postgresql:8.0.22", "cpe:/a:postgresql:postgresql:8.0.2", "cpe:/a:postgresql:postgresql:8.1.18", "cpe:/a:postgresql:postgresql:8.1.16", "cpe:/a:postgresql:postgresql:8.1.1", "cpe:/a:postgresql:postgresql:7.4.19", "cpe:/a:postgresql:postgresql:7.4.1", "cpe:/a:postgresql:postgresql:7.4.20", "cpe:/a:postgresql:postgresql:7.4.13", "cpe:/a:postgresql:postgresql:7.4.21", "cpe:/a:postgresql:postgresql:8.1.4", "cpe:/a:postgresql:postgresql:8.0", "cpe:/a:postgresql:postgresql:8.1.5", "cpe:/a:postgresql:postgresql:8.3.10", "cpe:/a:postgresql:postgresql:8.1.6", "cpe:/a:postgresql:postgresql:7.4.26", "cpe:/a:postgresql:postgresql:7.4.7", "cpe:/a:postgresql:postgresql:7.4.18", "cpe:/a:postgresql:postgresql:8.0.17", "cpe:/a:postgresql:postgresql:7.4.4", "cpe:/a:postgresql:postgresql:8.1.9", "cpe:/a:postgresql:postgresql:8.4.2", "cpe:/a:postgresql:postgresql:8.2.13", "cpe:/a:postgresql:postgresql:8.0.12", "cpe:/a:postgresql:postgresql:7.4.17", "cpe:/a:postgresql:postgresql:9.0.0", "cpe:/a:postgresql:postgresql:8.3.3", "cpe:/a:postgresql:postgresql:8.1.15", "cpe:/a:postgresql:postgresql:8.0.21", "cpe:/a:postgresql:postgresql:7.4.12", "cpe:/a:postgresql:postgresql:8.0.16", "cpe:/a:postgresql:postgresql:8.0.23", "cpe:/a:postgresql:postgresql:8.0.8", "cpe:/a:postgresql:postgresql:8.2.12", "cpe:/a:postgresql:postgresql:8.0.5", "cpe:/a:postgresql:postgresql:8.0.6", "cpe:/a:postgresql:postgresql:8.2.9", "cpe:/a:postgresql:postgresql:7.4.25", "cpe:/a:postgresql:postgresql:8.3.4", "cpe:/a:postgresql:postgresql:8.1.2", "cpe:/a:postgresql:postgresql:7.4.16", "cpe:/a:postgresql:postgresql:8.2.16", "cpe:/a:postgresql:postgresql:7.4.5", "cpe:/a:postgresql:postgresql:7.4.8", "cpe:/a:postgresql:postgresql:8.3.2", "cpe:/a:postgresql:postgresql:8.1", "cpe:/a:postgresql:postgresql:8.1.3", "cpe:/a:postgresql:postgresql:8.0.20", "cpe:/a:postgresql:postgresql:7.4.3", "cpe:/a:postgresql:postgresql:8.4", "cpe:/a:postgresql:postgresql:7.4.24", "cpe:/a:postgresql:postgresql:7.4.11", 
"cpe:/a:postgresql:postgresql:8.0.0", "cpe:/a:postgresql:postgresql:7.4.14", "cpe:/a:postgresql:postgresql:8.0.9", "cpe:/a:postgresql:postgresql:8.0.11", "cpe:/a:postgresql:postgresql:8.3.9", "cpe:/a:postgresql:postgresql:8.3.5", "cpe:/a:postgresql:postgresql:8.4.1"], "id": "CVE-2010-1447", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1447", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.22:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.27:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.21:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.25:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.28:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.19:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.26:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.22:*:*:*:*:*:*:*", 
"cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.23:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.17:*:*:*:*:*:*:*", 
"cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.24:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-02T10:54:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Check for the Version of perl", "modified": "2017-12-29T00:00:00", "published": "2010-08-06T00:00:00", "id": "OPENVAS:1361412562310862299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862299", "type": "openvas", "title": "Fedora Update for perl FEDORA-2010-11323", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl FEDORA-2010-11323\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language with roots in C, sed, awk\n and shell scripting. Perl is good at handling processes and files,\n and is especially good at handling text. Perl's hallmarks are\n practicality and efficiency. While it is used to do a lot of\n different things, Perl's most common applications are system\n administration utilities and web programming. A large proportion of\n the CGI scripts on the web are written in Perl. You need the perl\n package installed on your system so that your system can handle Perl\n scripts.\n\n Install this package if you want to program in Perl or enable your\n system to handle Perl scripts.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044979.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862299\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-06 10:34:50 +0200 (Fri, 06 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11323\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_name(\"Fedora Update for perl FEDORA-2010-11323\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.1~116.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Check for the Version of perl", "modified": "2017-12-20T00:00:00", "published": "2010-06-11T00:00:00", "id": "OPENVAS:870274", "href": "http://plugins.openvas.org/nasl.php?oid=870274", "type": "openvas", "title": "RedHat Update for perl RHSA-2010:0457-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for perl RHSA-2010:0457-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language commonly used for system\n administration utilities and web programming. The Safe extension module\n allows users to compile and execute Perl code in restricted compartments.\n\n The Safe module did not properly restrict the code of implicitly called\n methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects\n returned as a result of unsafe code evaluation. These methods could have\n been executed unrestricted by Safe when such objects were accessed or\n destroyed. A specially-crafted Perl script executed inside of a Safe\n compartment could use this flaw to bypass intended Safe module\n restrictions. (CVE-2010-1168)\n \n The Safe module did not properly restrict code compiled in a Safe\n compartment and executed out of the compartment via a subroutine reference\n returned as a result of unsafe code evaluation. A specially-crafted Perl\n script executed inside of a Safe compartment could use this flaw to bypass\n intended Safe module restrictions, if the returned subroutine reference was\n called from outside of the compartment. (CVE-2010-1447)\n \n Red Hat would like to thank Tim Bunce for responsibly reporting the\n CVE-2010-1168 and CVE-2010-1447 issues. 
Upstream acknowledges Nick Cleaton\n as the original reporter of CVE-2010-1168, and Tim Bunce and Rafal\n Garcia-Suarez as the original reporters of CVE-2010-1447.\n \n These packages upgrade the Safe extension module to version 2.27. Refer to\n the Safe module's Changes file, linked to in the References, for a full\n list of changes.\n \n Users of perl are advised to upgrade to these updated packages, which\n correct these issues. All applications using the Safe extension module must\n be restarted for this update to take effect.\";\n\ntag_affected = \"perl on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-June/msg00003.html\");\n script_id(870274);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0457-01\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_name(\"RedHat Update for perl RHSA-2010:0457-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.8.5~53.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.8.5~53.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.8.5~53.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.8.0~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CGI\", rpm:\"perl-CGI~2.89~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPAN\", rpm:\"perl-CPAN~1.61~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-DB_File\", rpm:\"perl-DB_File~1.806~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.8.0~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.8.0~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:04:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Check for the Version of perl", "modified": "2018-01-17T00:00:00", "published": "2010-06-11T00:00:00", "id": "OPENVAS:1361412562310870274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870274", "type": "openvas", "title": "RedHat Update for perl RHSA-2010:0457-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for perl RHSA-2010:0457-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language commonly used for system\n administration utilities and web programming. 
The Safe extension module\n allows users to compile and execute Perl code in restricted compartments.\n\n The Safe module did not properly restrict the code of implicitly called\n methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects\n returned as a result of unsafe code evaluation. These methods could have\n been executed unrestricted by Safe when such objects were accessed or\n destroyed. A specially-crafted Perl script executed inside of a Safe\n compartment could use this flaw to bypass intended Safe module\n restrictions. (CVE-2010-1168)\n \n The Safe module did not properly restrict code compiled in a Safe\n compartment and executed out of the compartment via a subroutine reference\n returned as a result of unsafe code evaluation. A specially-crafted Perl\n script executed inside of a Safe compartment could use this flaw to bypass\n intended Safe module restrictions, if the returned subroutine reference was\n called from outside of the compartment. (CVE-2010-1447)\n \n Red Hat would like to thank Tim Bunce for responsibly reporting the\n CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton\n as the original reporter of CVE-2010-1168, and Tim Bunce and Rafal\n Garcia-Suarez as the original reporters of CVE-2010-1447.\n \n These packages upgrade the Safe extension module to version 2.27. Refer to\n the Safe module's Changes file, linked to in the References, for a full\n list of changes.\n \n Users of perl are advised to upgrade to these updated packages, which\n correct these issues. 
All applications using the Safe extension module must\n be restarted for this update to take effect.\";\n\ntag_affected = \"perl on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-June/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870274\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-11 13:46:51 +0200 (Fri, 11 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0457-01\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_name(\"RedHat Update for perl RHSA-2010:0457-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"perl\", rpm:\"perl~5.8.5~53.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.8.5~53.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.8.5~53.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.8.0~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CGI\", rpm:\"perl-CGI~2.89~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-CPAN\", rpm:\"perl-CPAN~1.61~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-DB_File\", rpm:\"perl-DB_File~1.806~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-debuginfo\", rpm:\"perl-debuginfo~5.8.0~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suidperl\", rpm:\"perl-suidperl~5.8.0~101.EL3\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Check for the Version of perl", "modified": "2017-12-22T00:00:00", "published": "2010-08-16T00:00:00", "id": "OPENVAS:862315", "href": "http://plugins.openvas.org/nasl.php?oid=862315", "type": "openvas", "title": 
"Fedora Update for perl FEDORA-2010-11340", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl FEDORA-2010-11340\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language with roots in C, sed, awk\n and shell scripting. Perl is good at handling processes and files,\n and is especially good at handling text. Perl's hallmarks are\n practicality and efficiency. While it is used to do a lot of\n different things, Perl's most common applications are system\n administration utilities and web programming. A large proportion of\n the CGI scripts on the web are written in Perl. 
You need the perl\n package installed on your system so that your system can handle Perl\n scripts.\n\n Install this package if you want to program in Perl or enable your\n system to handle Perl scripts.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045418.html\");\n script_id(862315);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-16 14:28:27 +0200 (Mon, 16 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11340\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_name(\"Fedora Update for perl FEDORA-2010-11340\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~91.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:04:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Check for the Version of perl", "modified": "2018-01-10T00:00:00", "published": "2010-06-15T00:00:00", "id": "OPENVAS:1361412562310831076", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831076", "type": "openvas", "title": "Mandriva Update for perl MDVSA-2010:115 (perl)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for perl MDVSA-2010:115 (perl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"Multiple vulnerabilities have been discovered and corrected in\n Safe.pm which could lead to escalated privileges (CVE-2010-1168,\n CVE-2010-1447). The updated packages have been patched to correct\n these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00012.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831076\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-15 05:04:13 +0200 (Tue, 15 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:115\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_name(\"Mandriva Update for perl MDVSA-2010:115 (perl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suid\", rpm:\"perl-suid~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suid\", rpm:\"perl-suid~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suid\", rpm:\"perl-suid~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:57:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Check for the Version of tkcvs", "modified": "2017-12-15T00:00:00", "published": "2010-04-16T00:00:00", "id": "OPENVAS:830972", "href": "http://plugins.openvas.org/nasl.php?oid=830972", "type": "openvas", "title": "Mandriva Update for tkcvs MDVA-2010:115 (tkcvs)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tkcvs MDVA-2010:115 (tkcvs)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"tkcvs on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"The tkcvs package did not work properly with Tk release 8.6 and\n later. This packages updates fixes this issue and ensure tcl is\n properly required by tkcvs package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00003.php\");\n script_id(830972);\n script_version(\"$Revision: 8130 $\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:115\");\n script_name(\"Mandriva Update for tkcvs MDVA-2010:115 (tkcvs)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tkcvs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 
Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tkcvs\", rpm:\"tkcvs~8.2~4.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:05:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Check for the Version of perl", "modified": "2018-01-22T00:00:00", "published": "2010-08-16T00:00:00", "id": "OPENVAS:1361412562310862315", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862315", "type": "openvas", "title": "Fedora Update for perl FEDORA-2010-11340", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl FEDORA-2010-11340\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language with roots in C, sed, awk\n and shell scripting. Perl is good at handling processes and files,\n and is especially good at handling text. Perl's hallmarks are\n practicality and efficiency. While it is used to do a lot of\n different things, Perl's most common applications are system\n administration utilities and web programming. A large proportion of\n the CGI scripts on the web are written in Perl. You need the perl\n package installed on your system so that your system can handle Perl\n scripts.\n\n Install this package if you want to program in Perl or enable your\n system to handle Perl scripts.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045418.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862315\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-16 14:28:27 +0200 (Mon, 16 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-11340\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n 
script_name(\"Fedora Update for perl FEDORA-2010-11340\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~91.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-18T10:58:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Check for the Version of perl", "modified": "2017-12-18T00:00:00", "published": "2010-06-15T00:00:00", "id": "OPENVAS:831076", "href": "http://plugins.openvas.org/nasl.php?oid=831076", "type": "openvas", "title": "Mandriva Update for perl MDVSA-2010:115 (perl)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for perl MDVSA-2010:115 (perl)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the 
GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"perl on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"Multiple vulnerabilities have been discovered and corrected in\n Safe.pm which could lead to escalated privileges (CVE-2010-1168,\n CVE-2010-1447). 
The updated packages have been patched to correct\n these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-06/msg00012.php\");\n script_id(831076);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-15 05:04:13 +0200 (Tue, 15 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:115\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_name(\"Mandriva Update for perl MDVSA-2010:115 (perl)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suid\", rpm:\"perl-suid~5.10.0~25.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suid\", rpm:\"perl-suid~5.10.0~25.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-base\", rpm:\"perl-base~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-devel\", rpm:\"perl-devel~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"perl-doc\", rpm:\"perl-doc~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-suid\", rpm:\"perl-suid~5.10.0~25.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:54:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Check for the Version of tkcvs", "modified": "2018-01-02T00:00:00", "published": "2010-04-16T00:00:00", "id": "OPENVAS:1361412562310830972", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830972", "type": "openvas", "title": "Mandriva Update for tkcvs MDVA-2010:115 (tkcvs)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for tkcvs MDVA-2010:115 (tkcvs)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"tkcvs on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"The tkcvs package did not work properly with Tk release 8.6 and\n later. This packages updates fixes this issue and ensure tcl is\n properly required by tkcvs package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00003.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830972\");\n script_version(\"$Revision: 8269 $\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:115\");\n script_name(\"Mandriva Update for tkcvs MDVA-2010:115 (tkcvs)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tkcvs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"tkcvs\", rpm:\"tkcvs~8.2~4.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447", "CVE-2011-1487"], "description": "Check for the Version of perl", "modified": "2017-07-10T00:00:00", "published": "2011-04-29T00:00:00", "id": "OPENVAS:863046", "href": "http://plugins.openvas.org/nasl.php?oid=863046", "type": "openvas", "title": "Fedora Update for perl FEDORA-2011-4918", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl FEDORA-2011-4918\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl is a high-level programming language with roots in C, sed, awk\n and shell scripting. Perl is good at handling processes and files,\n and is especially good at handling text. Perl's hallmarks are\n practicality and efficiency. While it is used to do a lot of\n different things, Perl's most common applications are system\n administration utilities and web programming. A large proportion of\n the CGI scripts on the web are written in Perl. You need the perl\n package installed on your system so that your system can handle Perl\n scripts.\n\n Install this package if you want to program in Perl or enable your\n system to handle Perl scripts.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058764.html\");\n script_id(863046);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-04-29 17:38:42 +0200 (Fri, 29 Apr 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-4918\");\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\", \"CVE-2011-1487\");\n script_name(\"Fedora Update for perl FEDORA-2011-4918\");\n\n script_summary(\"Check for the Version of perl\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl\", rpm:\"perl~5.10.1~123.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:115\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : perl\r\n Date : June 11, 2010\r\n Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0,\r\n Multi Network Firewall 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in\r\n Safe.pm which could lead to escalated privilegies (CVE-2010-1168,\r\n CVE-2010-1447). 
The updated packages have been patched to correct\r\n these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n 00d3098831f3c94fd3e301a2e9b3d3d2 2009.0/i586/perl-5.10.0-25.2mdv2009.0.i586.rpm\r\n 5eb7a1bda35c58f0bf353cfa845ef65e 2009.0/i586/perl-base-5.10.0-25.2mdv2009.0.i586.rpm\r\n e465d32e8e21049d63ebc6c44730b691 2009.0/i586/perl-devel-5.10.0-25.2mdv2009.0.i586.rpm\r\n 479cdd1789b4ddb41e9309ebf24ba418 2009.0/i586/perl-doc-5.10.0-25.2mdv2009.0.i586.rpm\r\n 7c0936a984a432ed2e1bfc44c0d09fc9 2009.0/i586/perl-suid-5.10.0-25.2mdv2009.0.i586.rpm \r\n 82a2602a2f8ae6cf3a675a6918e24d3e 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n d3f41fadc8bd3688a8b0189eb1968c77 2009.0/x86_64/perl-5.10.0-25.2mdv2009.0.x86_64.rpm\r\n e5655094bbf5d1925db468ff707b8e18 2009.0/x86_64/perl-base-5.10.0-25.2mdv2009.0.x86_64.rpm\r\n 3c7aa589dfc884a80e4e70b269140d44 \r\n2009.0/x86_64/perl-devel-5.10.0-25.2mdv2009.0.x86_64.rpm\r\n 96691039825e0d138ecfb4f4731736ea 2009.0/x86_64/perl-doc-5.10.0-25.2mdv2009.0.x86_64.rpm\r\n 6854569c6281b018af7afbb2f3bc04ad \r\n2009.0/x86_64/perl-suid-5.10.0-25.2mdv2009.0.x86_64.rpm \r\n 82a2602a2f8ae6cf3a675a6918e24d3e 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 32ac91fdee352364f14770ec855e0375 2009.1/i586/perl-5.10.0-25.1mdv2009.1.i586.rpm\r\n a6d92fad394404c4f6e4ecdedf0ef3d0 2009.1/i586/perl-base-5.10.0-25.1mdv2009.1.i586.rpm\r\n 6ec44b6cd15d787afa051aa2f7a079a0 2009.1/i586/perl-devel-5.10.0-25.1mdv2009.1.i586.rpm\r\n 56cc85abe12ffc13e91c7d606c3f5a2f 2009.1/i586/perl-doc-5.10.0-25.1mdv2009.1.i586.rpm\r\n 6e5389395602f29f3678c9e8a5f1aa15 
2009.1/i586/perl-suid-5.10.0-25.1mdv2009.1.i586.rpm \r\n d67bc28faa49cd0656ac8256c7cff801 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 5e955d0a68966fa5e8a408381e7046dd 2009.1/x86_64/perl-5.10.0-25.1mdv2009.1.x86_64.rpm\r\n 9de85776e7e93665721dce1731474229 2009.1/x86_64/perl-base-5.10.0-25.1mdv2009.1.x86_64.rpm\r\n 2dcc1876750306565ca77cfa69e83e2b \r\n2009.1/x86_64/perl-devel-5.10.0-25.1mdv2009.1.x86_64.rpm\r\n 2a24a59f7557ecd5f9f231677b50fa00 2009.1/x86_64/perl-doc-5.10.0-25.1mdv2009.1.x86_64.rpm\r\n bb2d6a661623d31317822aeb7308b9dd \r\n2009.1/x86_64/perl-suid-5.10.0-25.1mdv2009.1.x86_64.rpm \r\n d67bc28faa49cd0656ac8256c7cff801 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm\r\n\r\n Corporate 4.0:\r\n b326fe2db35f1dd9ac9169f9af6b5fc1 corporate/4.0/i586/perl-5.8.7-3.6.20060mlcs4.i586.rpm\r\n 3283f2531e5d33008b61575d7c90cedd \r\ncorporate/4.0/i586/perl-base-5.8.7-3.6.20060mlcs4.i586.rpm\r\n 2dea5e372272c9990fb79d5e0b3d4c16 \r\ncorporate/4.0/i586/perl-devel-5.8.7-3.6.20060mlcs4.i586.rpm\r\n 245ea4f820b232d147045b1e02e1bbb5 \r\ncorporate/4.0/i586/perl-doc-5.8.7-3.6.20060mlcs4.i586.rpm\r\n 3e2bad0ffc7ed43c865c6ae1b76f05ef \r\ncorporate/4.0/i586/perl-suid-5.8.7-3.6.20060mlcs4.i586.rpm \r\n 65dfaa9de6379b4d1f7a7b996b6af8be corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 2bb0dc22bd0bae5dd123d95f7f304934 \r\ncorporate/4.0/x86_64/perl-5.8.7-3.6.20060mlcs4.x86_64.rpm\r\n 54dd2c26efb5f0b83f8f82cc6da12e46 \r\ncorporate/4.0/x86_64/perl-base-5.8.7-3.6.20060mlcs4.x86_64.rpm\r\n 15f9345bd763e98aff10ffc36811f699 \r\ncorporate/4.0/x86_64/perl-devel-5.8.7-3.6.20060mlcs4.x86_64.rpm\r\n 297218e6bf27da8dd414078b36218757 \r\ncorporate/4.0/x86_64/perl-doc-5.8.7-3.6.20060mlcs4.x86_64.rpm\r\n 526f48beb05b4175e867bc1ec852fa77 \r\ncorporate/4.0/x86_64/perl-suid-5.8.7-3.6.20060mlcs4.x86_64.rpm \r\n 65dfaa9de6379b4d1f7a7b996b6af8be corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise 
Server 5:\r\n 95bfe8ce07733fe7ec7890bacf1770f5 mes5/i586/perl-5.10.0-25.2mdvmes5.1.i586.rpm\r\n 04d8c9d3262848cae5211d136c83b995 mes5/i586/perl-base-5.10.0-25.2mdvmes5.1.i586.rpm\r\n 8186d5d14d1aec46e27b12540c98673a mes5/i586/perl-devel-5.10.0-25.2mdvmes5.1.i586.rpm\r\n 0f13e7c3e3ed27b539e1f1cb8a881be2 mes5/i586/perl-doc-5.10.0-25.2mdvmes5.1.i586.rpm\r\n 4e9f1aae20148662c3dee770a792f55c mes5/i586/perl-suid-5.10.0-25.2mdvmes5.1.i586.rpm \r\n d9e5230e96aa99ef5c5a5c52e3061c4a mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 869dfeea157fc17cedf1e9e66ddb3bb9 mes5/x86_64/perl-5.10.0-25.2mdvmes5.1.x86_64.rpm\r\n b20b2f46b7a74f8e98e19c8b917e6292 mes5/x86_64/perl-base-5.10.0-25.2mdvmes5.1.x86_64.rpm\r\n 116dc346f811a5cd6bfaec340b79aac1 mes5/x86_64/perl-devel-5.10.0-25.2mdvmes5.1.x86_64.rpm\r\n 75d5d76d48f16ea5af6e5a903e553d43 mes5/x86_64/perl-doc-5.10.0-25.2mdvmes5.1.x86_64.rpm\r\n c0067e1c7f55bfffc7f7527a4268b6c8 mes5/x86_64/perl-suid-5.10.0-25.2mdvmes5.1.x86_64.rpm \r\n d9e5230e96aa99ef5c5a5c52e3061c4a mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm\r\n\r\n Multi Network Firewall 2.0:\r\n 116523d57e391e8200aa088228b97c6a mnf/2.0/i586/perl-5.8.3-5.9.M20mdk.i586.rpm\r\n c618fe9ae03b5631f77b601e1cc3261c mnf/2.0/i586/perl-base-5.8.3-5.9.M20mdk.i586.rpm\r\n 3ecda619d7cc1afe47b1bbfafa0b9672 mnf/2.0/i586/perl-devel-5.8.3-5.9.M20mdk.i586.rpm\r\n 04bfa6b5384b173164912fc4adad9459 mnf/2.0/i586/perl-doc-5.8.3-5.9.M20mdk.i586.rpm \r\n 72247c85df7d57f488f9792eb88d2b3d mnf/2.0/SRPMS/perl-5.8.3-5.9.M20mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFMEnfBmqjQ0CJFipgRAjqEAJsErSC9PCwvbWa5h7royEJCuAjytgCgm3a2\r\nNFcHdnhcspKfkVASVXYME3A=\r\n=3PM8\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-06-14T00:00:00", "published": "2010-06-14T00:00:00", "id": "SECURITYVULNS:DOC:24049", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24049", "title": "[ MDVSA-2010:115 ] perl", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Safe.pm protection bypass", "edition": 1, "modified": "2010-06-14T00:00:00", "published": "2010-06-14T00:00:00", "id": "SECURITYVULNS:VULN:10923", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10923", "title": "Perl protection bypass", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2010-4410", "CVE-2010-1168", "CVE-2010-2761", "CVE-2010-1447", "CVE-2010-4411", "CVE-2011-1487"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1129-1\r\nMay 03, 2011\r\n\r\nperl 
vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n- Ubuntu 6.06 LTS\r\n\r\nSummary:\r\n\r\nAn attacker could send crafted input to Perl and bypass intended\r\nrestrictions.\r\n\r\nSoftware Description:\r\n- perl: Larry Wall's Practical Extraction and Report Language\r\n\r\nDetails:\r\n\r\nIt was discovered that the Safe.pm Perl module incorrectly handled\r\nSafe::reval and Safe::rdo access restrictions. An attacker could use this\r\nflaw to bypass intended restrictions and possibly execute arbitrary code.\r\n(CVE-2010-1168, CVE-2010-1447)\r\n\r\nIt was discovered that the CGI.pm Perl module incorrectly handled certain\r\nMIME boundary strings. An attacker could use this flaw to inject arbitrary\r\nHTTP headers and perform HTTP response splitting and cross-site scripting\r\nattacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and\r\n10.10. (CVE-2010-2761, CVE-2010-4411)\r\n\r\nIt was discovered that the CGI.pm Perl module incorrectly handled newline\r\ncharacters. An attacker could use this flaw to inject arbitrary HTTP\r\nheaders and perform HTTP response splitting and cross-site scripting\r\nattacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and\r\n10.10. (CVE-2010-4410)\r\n\r\nIt was discovered that the lc, lcfirst, uc, and ucfirst functions did not\r\nproperly apply the taint attribute when processing tainted input. An\r\nattacker could use this flaw to bypass intended restrictions. This issue\r\nonly affected Ubuntu 8.04 LTS, 10.04 LTS and 10.10. 
(CVE-2011-1487)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n perl 5.10.1-17ubuntu4.1\r\n\r\nUbuntu 10.10:\r\n perl 5.10.1-12ubuntu2.1\r\n\r\nUbuntu 10.04 LTS:\r\n perl 5.10.1-8ubuntu2.1\r\n\r\nUbuntu 8.04 LTS:\r\n perl 5.8.8-12ubuntu0.5\r\n\r\nUbuntu 6.06 LTS:\r\n perl 5.8.7-10ubuntu1.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n CVE-2010-1168, CVE-2010-1447, CVE-2010-2761, CVE-2010-4410,\r\n CVE-2010-4411, CVE-2011-1487\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/perl/5.10.1-17ubuntu4.1\r\n https://launchpad.net/ubuntu/+source/perl/5.10.1-12ubuntu2.1\r\n https://launchpad.net/ubuntu/+source/perl/5.10.1-8ubuntu2.1\r\n https://launchpad.net/ubuntu/+source/perl/5.8.8-12ubuntu0.5\r\n https://launchpad.net/ubuntu/+source/perl/5.8.7-10ubuntu1.3\r\n\r\n", "edition": 1, "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "SECURITYVULNS:DOC:26304", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26304", "title": "[USN-1129-1] Perl vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "cvelist": ["CVE-2010-4334", "CVE-2010-4410", "CVE-2010-1168", "CVE-2010-2761", "CVE-2010-1447", "CVE-2010-4411", "CVE-2011-1487"], "description": "Data injection and protection bypass in lc, lcfirst, uc, ucfirst functions and CGI module.", "edition": 1, "modified": "2011-05-20T00:00:00", "published": "2011-05-20T00:00:00", "id": "SECURITYVULNS:VULN:11649", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11649", "title": "perl multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.5, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:30", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Perl is a high-level programming language commonly used for system\nadministration utilities and web programming. The Safe extension module\nallows users to compile and execute Perl code in restricted compartments.\n\nThe Safe module did not properly restrict the code of implicitly called\nmethods (such as DESTROY and AUTOLOAD) on implicitly blessed objects\nreturned as a result of unsafe code evaluation. These methods could have\nbeen executed unrestricted by Safe when such objects were accessed or\ndestroyed. A specially-crafted Perl script executed inside of a Safe\ncompartment could use this flaw to bypass intended Safe module\nrestrictions. (CVE-2010-1168)\n\nThe Safe module did not properly restrict code compiled in a Safe\ncompartment and executed out of the compartment via a subroutine reference\nreturned as a result of unsafe code evaluation. A specially-crafted Perl\nscript executed inside of a Safe compartment could use this flaw to bypass\nintended Safe module restrictions, if the returned subroutine reference was\ncalled from outside of the compartment. (CVE-2010-1447)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton\nas the original reporter of CVE-2010-1168, and Tim Bunce and Rafa\u00ebl\nGarcia-Suarez as the original reporters of CVE-2010-1447.\n\nThese packages upgrade the Safe extension module to version 2.27. Refer to\nthe Safe module's Changes file, linked to in the References, for a full\nlist of changes.\n\nUsers of perl are advised to upgrade to these updated packages, which\ncorrect these issues. 
All applications using the Safe extension module must\nbe restarted for this update to take effect.\n", "modified": "2018-05-26T04:26:17", "published": "2010-06-07T04:00:00", "id": "RHSA-2010:0457", "href": "https://access.redhat.com/errata/RHSA-2010:0457", "type": "redhat", "title": "(RHSA-2010:0457) Moderate: perl security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:28", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5302", "CVE-2008-5303", "CVE-2010-1168", "CVE-2010-1447"], "description": "Perl is a high-level programming language commonly used for system\nadministration utilities and web programming. The Safe extension module\nallows users to compile and execute Perl code in restricted compartments.\nThe File::Path module allows users to create and remove directory trees.\n\nThe Safe module did not properly restrict the code of implicitly called\nmethods (such as DESTROY and AUTOLOAD) on implicitly blessed objects\nreturned as a result of unsafe code evaluation. These methods could have\nbeen executed unrestricted by Safe when such objects were accessed or\ndestroyed. A specially-crafted Perl script executed inside of a Safe\ncompartment could use this flaw to bypass intended Safe module\nrestrictions. (CVE-2010-1168)\n\nThe Safe module did not properly restrict code compiled in a Safe\ncompartment and executed out of the compartment via a subroutine reference\nreturned as a result of unsafe code evaluation. A specially-crafted Perl\nscript executed inside of a Safe compartment could use this flaw to bypass\nintended Safe module restrictions, if the returned subroutine reference was\ncalled from outside of the compartment. (CVE-2010-1447)\n\nMultiple race conditions were found in the way the File::Path module's\nrmtree function removed directory trees. 
A malicious, local user with write\naccess to a directory being removed by a victim, running a Perl script\nusing rmtree, could cause the permissions of arbitrary files to be changed\nto world-writable and setuid, or delete arbitrary files via a symbolic link\nattack, if the victim had the privileges to change the permissions of the\ntarget files or to remove them. (CVE-2008-5302, CVE-2008-5303)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton\nas the original reporter of CVE-2010-1168, and Tim Bunce and Rafael\nGarcia-Suarez as the original reporters of CVE-2010-1447.\n\nThese packages upgrade the Safe extension module to version 2.27. Refer to\nthe Safe module's Changes file, linked to in the References, for a full\nlist of changes.\n\nUsers of perl are advised to upgrade to these updated packages, which\ncorrect these issues. All applications using the Safe or File::Path modules\nmust be restarted for this update to take effect.\n", "modified": "2017-09-08T11:54:12", "published": "2010-06-07T04:00:00", "id": "RHSA-2010:0458", "href": "https://access.redhat.com/errata/RHSA-2010:0458", "type": "redhat", "title": "(RHSA-2010:0458) Moderate: perl security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. 
You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. ", "modified": "2010-08-13T21:12:30", "published": "2010-08-13T21:12:30", "id": "FEDORA:2ABEF111145", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: perl-5.10.0-91.fc12", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. ", "modified": "2010-08-03T01:10:38", "published": "2010-08-03T01:10:38", "id": "FEDORA:1C603110F4C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: perl-5.10.1-116.fc13", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1168", "CVE-2010-1447", "CVE-2011-1487"], "description": "Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. 
A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts. Install this package if you want to program in Perl or enable your system to handle Perl scripts. ", "modified": "2011-04-23T20:49:40", "published": "2011-04-23T20:49:40", "id": "FEDORA:3803711051E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: perl-5.10.1-123.fc13", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T14:46:53", "description": "The perl Safe.pm module was affected by two problems that let attackers\nbreak out of the restricted execution of a Safe compartment (CVE-2010-1447 / CVE-2010-1168).\nThis update fixes these problems.", "edition": 23, "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : Perl (ZYPP Patch Number 7108)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2010-10-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PERL-7108.NASL", "href": "https://www.tenable.com/plugins/nessus/49914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49914);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n\n script_name(english:\"SuSE 10 Security Update : Perl (ZYPP Patch Number 7108)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"perl Safe.pm module was affected by two problems where attackers could\nbreak out of such 
a safed execution (CVE-2010-1447 / CVE-2010-1168).\nThis update fixes this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1168.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7108.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"perl-5.8.8-14.15.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", 
reference:\"perl-32bit-5.8.8-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"perl-5.8.8-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"perl-32bit-5.8.8-14.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:43", "description": "Multiple vulnerabilities have been discovered and corrected in Safe.pm\nwhich could lead to escalated privileges (CVE-2010-1168,\nCVE-2010-1447). The updated packages have been patched to correct\nthese issues.", "edition": 25, "published": "2010-06-14T00:00:00", "title": "Mandriva Linux Security Advisory : perl (MDVSA-2010:115)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2010-06-14T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:perl-base", "p-cpe:/a:mandriva:linux:perl-suid", "p-cpe:/a:mandriva:linux:perl-doc", "p-cpe:/a:mandriva:linux:perl-devel", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:perl"], "id": "MANDRIVA_MDVSA-2010-115.NASL", "href": "https://www.tenable.com/plugins/nessus/46877", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:115. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46877);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_bugtraq_id(40302, 40305);\n script_xref(name:\"MDVSA\", value:\"2010:115\");\n\n script_name(english:\"Mandriva Linux Security Advisory : perl (MDVSA-2010:115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in Safe.pm\nwhich could lead to escalated privilegies (CVE-2010-1168,\nCVE-2010-1447). The updated packages have been patched to correct\nthese issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-suid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"perl-5.10.0-25.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"perl-base-5.10.0-25.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"perl-devel-5.10.0-25.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"perl-doc-5.10.0-25.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"perl-suid-5.10.0-25.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"perl-5.10.0-25.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"perl-base-5.10.0-25.1mdv2009.1\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"perl-devel-5.10.0-25.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"perl-doc-5.10.0-25.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"perl-suid-5.10.0-25.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:49", "description": "CVE-2010-1168 perl Safe: Intended restriction bypass via object\nreferences CVE-2010-1447 perl: Safe restriction bypass when reference\nto subroutine in compartment is called from outside Perl leaked memory\nwith ENV.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-03T00:00:00", "title": "Fedora 13 : perl-5.10.1-116.fc13 (2010-11323)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2010-08-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:perl", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-11323.NASL", "href": "https://www.tenable.com/plugins/nessus/48227", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11323.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48227);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1168\", 
\"CVE-2010-1447\");\n script_xref(name:\"FEDORA\", value:\"2010-11323\");\n\n script_name(english:\"Fedora 13 : perl-5.10.1-116.fc13 (2010-11323)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2010-1168 perl Safe: Intended restriction bypass via object\nreferences CVE-2010-1447 perl: Safe restriction bypass when reference\nto subroutine in compartment is called from outside Perl leaked memory\nwith ENV.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=576508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=588269\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/044979.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a05701d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"perl-5.10.1-116.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:31", "description": "perl Safe.pm module was affected by two problems where attackers could\nbreak out of such a safed execution (CVE-2010-1447, CVE-2010-1168).\nThis update fixes this problem.", "edition": 23, "published": "2010-08-25T00:00:00", "title": "SuSE9 Security Update : Perl (YOU Patch Number 12628)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2010-08-25T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12628.NASL", "href": "https://www.tenable.com/plugins/nessus/48429", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48429);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n\n script_name(english:\"SuSE9 Security Update : Perl (YOU Patch Number 12628)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"perl Safe.pm module was affected by two problems where attackers could\nbreak out of such a safed execution (CVE-2010-1447, CVE-2010-1168).\nThis update fixes this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1168.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12628.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ 
\"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"perl-5.8.3-32.16\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"perl-32bit-9-201007292356\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:00", "description": "perl Safe.pm module was affected by two problems where attackers could\nbreak out of such a safed execution. (CVE-2010-1447 , CVE-2010-1168)\n\nThis update fixes this problem. Also the following bugs were fixed :\n\n - fix tell cornercase [bnc#596167]\n\n - fix regex memory leak [bnc#557636]\n\n - also run h2ph on /usr/include/linux [bnc#603840]\n\n - backport h2ph include fix from 5.12.0 [bnc#601242]\n\n - fix segfault when using regexpes in threaded apps\n [bnc#588338]\n\n - backport upstream fixes for POSIX module to avoid\n clashes with Fcntl [bnc#446098], [bnc#515948]\n\n - backport upstream fix for ISA assertion failure\n [bnc#528423]\n\n - move unicode files from perl-doc to perl, otherwise some\n perl modules will not work", "edition": 24, "published": "2010-08-19T00:00:00", "title": "openSUSE Security Update : perl (openSUSE-SU-2010:0519-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2010-08-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:perl", "p-cpe:/a:novell:opensuse:perl-base", "p-cpe:/a:novell:opensuse:perl-base-32bit", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:perl-32bit"], "id": "SUSE_11_1_PERL-100730.NASL", "href": "https://www.tenable.com/plugins/nessus/48372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from openSUSE Security Update perl-2829.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48372);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n\n script_name(english:\"openSUSE Security Update : perl (openSUSE-SU-2010:0519-1)\");\n script_summary(english:\"Check for the perl-2829 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"perl Safe.pm module was affected by two problems where attackers could\nbreak out of such a safed execution. (CVE-2010-1447 , CVE-2010-1168)\n\nThis update fixes this problem. Also the following bugs were fixed :\n\n - fix tell cornercase [bnc#596167]\n\n - fix regex memory leak [bnc#557636]\n\n - also run h2ph on /usr/include/linux [bnc#603840]\n\n - backport h2ph include fix from 5.12.0 [bnc#601242]\n\n - fix segfault when using regexpes in threaded apps\n [bnc#588338]\n\n - backport upstream fixes for POSIX module to avoid\n clashes with Fcntl [bnc#446098], [bnc#515948]\n\n - backport upstream fix for ISA assertion failure\n [bnc#528423]\n\n - move unicode files from perl-doc to perl, otherwise some\n perl modules will not work\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=446098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=515948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=557636\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=588338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=596167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00043.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"perl-5.10.0-62.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"perl-base-5.10.0-62.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"perl-32bit-5.10.0-62.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.10.0-62.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:06:28", "description": "perl Safe.pm module was affected by two problems where attackers could\nbreak out of such a safed execution. (CVE-2010-1447 , CVE-2010-1168)\n\nThis update fixes this problem. 
Also the following non-security bugs were\nfixed :\n\n - fix tell cornercase [bnc#596167]\n\n - fix regex memory leak [bnc#557636]\n\n - do not add vendorlib/auto to filelist [bnc#624628]\n\n - also run h2ph on /usr/include/linux [bnc#603840]\n\n - backport h2ph include fix from 5.12.0 [bnc#601242]", "edition": 24, "published": "2010-08-19T00:00:00", "title": "openSUSE Security Update : perl (openSUSE-SU-2010:0518-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2010-08-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:perl", "p-cpe:/a:novell:opensuse:perl-base", "p-cpe:/a:novell:opensuse:perl-base-32bit", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:perl-32bit"], "id": "SUSE_11_2_PERL-100730.NASL", "href": "https://www.tenable.com/plugins/nessus/48373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update perl-2830.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48373);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n\n script_name(english:\"openSUSE Security Update : perl (openSUSE-SU-2010:0518-1)\");\n script_summary(english:\"Check for the perl-2830 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"perl Safe.pm module was affected by two problems where attackers could\nbreak out of such a safed execution. (CVE-2010-1447 , CVE-2010-1168)\n\nThis update fixes this problem. 
Also following non-security bugs were\nfixed :\n\n - fix tell cornercase [bnc#596167]\n\n - fix regex memory leak [bnc#557636]\n\n - do not add vendorlib/auto to filelist [bnc#624628]\n\n - also run h2ph on /usr/include/linux [bnc#603840]\n\n - backport h2ph include fix from 5.12.0 [bnc#601242]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=557636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=596167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=624628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00042.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"perl-5.10.0-72.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"perl-base-5.10.0-72.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"perl-32bit-5.10.0-72.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"perl-base-32bit-5.10.0-72.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:13:49", 
"description": "perl Safe.pm module was affected by two problems where attackers could\nbreak out of such a safed execution (CVE-2010-1447 / CVE-2010-1168).\nThis update fixes this problem.\n\nIt also fixes the following bugs :\n\n - fix tell cornercase [bnc#596167]\n\n - fix regex memory leak [bnc#557636]\n\n - also run h2ph on /usr/include/linux [bnc#603840]\n\n - backport h2ph include fix from 5.12.0 [bnc#601242]\n\n - fix segfault when using regexpes in threaded apps\n [bnc#588338]\n\n - backport upstream fixes for POSIX module to avoid\n clashes with Fcntl [bnc#446098], [bnc#515948]\n\n - backport upstream fix for ISA assertion failure\n [bnc#528423]\n\n - move unicode files from perl-doc to perl, otherwise some\n perl modules will not work", "edition": 23, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : Perl (SAT Patch Numbers 2833 / 2834)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:perl-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:perl-base", "p-cpe:/a:novell:suse_linux:11:perl-doc", "p-cpe:/a:novell:suse_linux:11:perl"], "id": "SUSE_11_PERL-100730.NASL", "href": "https://www.tenable.com/plugins/nessus/50956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50956);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : Perl (SAT Patch Numbers 2833 / 2834)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"perl Safe.pm module was affected by two problems where attackers could\nbreak out of such a safed execution (CVE-2010-1447 / CVE-2010-1168).\nThis update fixes this problem.\n\nIt also fixes the following bugs :\n\n - fix tell cornercase [bnc#596167]\n\n - fix regex memory leak [bnc#557636]\n\n - also run h2ph on /usr/include/linux [bnc#603840]\n\n - backport h2ph include fix from 5.12.0 [bnc#601242]\n\n - fix segfault when using regexpes in threaded apps\n [bnc#588338]\n\n - backport upstream fixes for POSIX module to avoid\n clashes with Fcntl [bnc#446098], [bnc#515948]\n\n - backport upstream fix for ISA assertion failure\n [bnc#528423]\n\n - move unicode files from perl-doc to perl, otherwise some\n perl modules will not work\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=446098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=515948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=557636\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=588338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=596167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=601242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=603840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=605928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1168.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1447.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2833 / 2834 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:perl-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:perl-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:perl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"perl-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"perl-base-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"perl-doc-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"perl-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"perl-32bit-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"perl-base-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"perl-doc-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"perl-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"perl-base-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"perl-doc-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"perl-5.10.0-64.48.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"perl-32bit-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"perl-base-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"perl-doc-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"perl-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"perl-base-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"perl-doc-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"perl-32bit-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"perl-32bit-5.10.0-64.44.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"perl-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"perl-base-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"perl-doc-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"perl-32bit-5.10.0-64.48.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"perl-32bit-5.10.0-64.48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:49", "description": "Updated perl packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 3 and 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming. The Safe extension\nmodule allows users to compile and execute Perl code in restricted\ncompartments.\n\nThe Safe module did not properly restrict the code of implicitly\ncalled methods (such as DESTROY and AUTOLOAD) on implicitly blessed\nobjects returned as a result of unsafe code evaluation. These methods\ncould have been executed unrestricted by Safe when such objects were\naccessed or destroyed. A specially crafted Perl script executed inside\nof a Safe compartment could use this flaw to bypass intended Safe\nmodule restrictions. (CVE-2010-1168)\n\nThe Safe module did not properly restrict code compiled in a Safe\ncompartment and executed out of the compartment via a subroutine\nreference returned as a result of unsafe code evaluation. A specially\ncrafted Perl script executed inside of a Safe compartment could use\nthis flaw to bypass intended Safe module restrictions, if the returned\nsubroutine reference was called from outside of the compartment.\n(CVE-2010-1447)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick\nCleaton as the original reporter of CVE-2010-1168, and Tim Bunce and\nRafael Garcia-Suarez as the original reporters of CVE-2010-1447.\n\nThese packages upgrade the Safe extension module to version 2.27.\nRefer to the Safe module's Changes file, linked to in the References,\nfor a full list of changes.\n\nUsers of perl are advised to upgrade to these updated packages, which\ncorrect these issues. 
All applications using the Safe extension module\nmust be restarted for this update to take effect.", "edition": 29, "published": "2010-06-08T00:00:00", "title": "RHEL 3 / 4 : perl (RHSA-2010:0457)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2010-06-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:perl-CGI", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:perl", "p-cpe:/a:redhat:enterprise_linux:perl-suidperl", "p-cpe:/a:redhat:enterprise_linux:perl-CPAN", "p-cpe:/a:redhat:enterprise_linux:perl-DB_File"], "id": "REDHAT-RHSA-2010-0457.NASL", "href": "https://www.tenable.com/plugins/nessus/46833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0457. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46833);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_bugtraq_id(40302, 40305);\n script_xref(name:\"RHSA\", value:\"2010:0457\");\n\n script_name(english:\"RHEL 3 / 4 : perl (RHSA-2010:0457)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated perl packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 3 and 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming. The Safe extension\nmodule allows users to compile and execute Perl code in restricted\ncompartments.\n\nThe Safe module did not properly restrict the code of implicitly\ncalled methods (such as DESTROY and AUTOLOAD) on implicitly blessed\nobjects returned as a result of unsafe code evaluation. These methods\ncould have been executed unrestricted by Safe when such objects were\naccessed or destroyed. A specially crafted Perl script executed inside\nof a Safe compartment could use this flaw to bypass intended Safe\nmodule restrictions. (CVE-2010-1168)\n\nThe Safe module did not properly restrict code compiled in a Safe\ncompartment and executed out of the compartment via a subroutine\nreference returned as a result of unsafe code evaluation. A specially\ncrafted Perl script executed inside of a Safe compartment could use\nthis flaw to bypass intended Safe module restrictions, if the returned\nsubroutine reference was called from outside of the compartment.\n(CVE-2010-1447)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick\nCleaton as the original reporter of CVE-2010-1168, and Tim Bunce and\nRafael Garcia-Suarez as the original reporters of CVE-2010-1447.\n\nThese packages upgrade the Safe extension module to version 2.27.\nRefer to the Safe module's Changes file, linked to in the References,\nfor a full list of changes.\n\nUsers of perl are advised to upgrade to these updated packages, which\ncorrect these issues. 
All applications using the Safe extension module\nmust be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1447\"\n );\n # http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fastapi.metacpan.org/source/RGARCIA/Safe-2.27/Changes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0457\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-CGI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-CPAN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-DB_File\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-suidperl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/19\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0457\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"perl-5.8.0-101.EL3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"perl-CGI-2.89-101.EL3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"perl-CPAN-1.61-101.EL3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"perl-DB_File-1.806-101.EL3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"perl-suidperl-5.8.0-101.EL3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"perl-5.8.5-53.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"perl-suidperl-5.8.5-53.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl / perl-CGI / perl-CPAN / perl-DB_File / perl-suidperl\");\n }\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:51", "description": "Perl is a 
high-level programming language commonly used for system\nadministration utilities and web programming. The Safe extension\nmodule allows users to compile and execute Perl code in restricted\ncompartments.\n\nThe Safe module did not properly restrict the code of implicitly\ncalled methods (such as DESTROY and AUTOLOAD) on implicitly blessed\nobjects returned as a result of unsafe code evaluation. These methods\ncould have been executed unrestricted by Safe when such objects were\naccessed or destroyed. A specially crafted Perl script executed inside\nof a Safe compartment could use this flaw to bypass intended Safe\nmodule restrictions. (CVE-2010-1168)\n\nThe Safe module did not properly restrict code compiled in a Safe\ncompartment and executed out of the compartment via a subroutine\nreference returned as a result of unsafe code evaluation. A specially\ncrafted Perl script executed inside of a Safe compartment could use\nthis flaw to bypass intended Safe module restrictions, if the returned\nsubroutine reference was called from outside of the compartment.\n(CVE-2010-1447)\n\nThese packages upgrade the Safe extension module to version 2.27.\nRefer to the Safe module's Changes file at the following link for a\nfull list of changes.\nhttp://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes\n\nAll applications using the Safe extension module must be restarted for\nthis update to take effect.", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : perl on SL3.x, SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100607_PERL_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific 
Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60800);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n\n script_name(english:\"Scientific Linux Security Update : perl on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Perl is a high-level programming language commonly used for system\nadministration utilities and web programming. The Safe extension\nmodule allows users to compile and execute Perl code in restricted\ncompartments.\n\nThe Safe module did not properly restrict the code of implicitly\ncalled methods (such as DESTROY and AUTOLOAD) on implicitly blessed\nobjects returned as a result of unsafe code evaluation. These methods\ncould have been executed unrestricted by Safe when such objects were\naccessed or destroyed. A specially crafted Perl script executed inside\nof a Safe compartment could use this flaw to bypass intended Safe\nmodule restrictions. (CVE-2010-1168)\n\nThe Safe module did not properly restrict code compiled in a Safe\ncompartment and executed out of the compartment via a subroutine\nreference returned as a result of unsafe code evaluation. 
A specially\ncrafted Perl script executed inside of a Safe compartment could use\nthis flaw to bypass intended Safe module restrictions, if the returned\nsubroutine reference was called from outside of the compartment.\n(CVE-2010-1447)\n\nThese packages upgrade the Safe extension module to version 2.27.\nRefer to the Safe module's Changes file at the following link for a\nfull list of changes.\nhttp://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes\n\nAll applications using the Safe extension module must be restarted for\nthis update to take effect.\"\n );\n # http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fastapi.metacpan.org/source/RGARCIA/Safe-2.27/Changes\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1006&L=scientific-linux-errata&T=0&P=519\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5715f08a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"perl-5.8.0-101.EL3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"perl-CGI-2.89-101.EL3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"perl-CPAN-1.61-101.EL3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"perl-DB_File-1.806-101.EL3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"perl-suidperl-5.8.0-101.EL3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"perl-5.8.5-53.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"perl-suidperl-5.8.5-53.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:50", "description": " - Wed Jul 21 2010 Marcela Maslaova <mmaslano at\n redhat.com> - 4:5.10.0-91\n\n - CVE-2010-1168 perl Safe: Intended restriction bypass\n via object references\n\n - CVE-2010-1447 perl: Safe restriction bypass when\n reference 
to subroutine in compartment is called from\n outside\n\n - 576824 RT#73814 - unpack() didn't handle scalar context\n correctly\n\n - Resolves: rhbz#588269, rhbz#576508\n\n - Fri Jul 9 2010 Petr Pisar <ppisar at redhat.com> -\n 4:5.10.0-90\n\n - Add Digest::SHA requirement to perl-CPAN and\n perl-CPANPLUS (bug #612563)\n\n - Wed Jul 7 2010 Petr Pisar <ppisar at redhat.com> -\n 4:5.10.0-89\n\n - Fix perl-5.10.0-Encode-err.patch patch to be\n applicable\n\n - Fix incorrect return code on failed extraction by\n upgrading Archive::Tar to 1.62 (bug #607687)\n\n - Wed Mar 17 2010 Marcela Maslaova <mmaslano at\n redhat.com> - 4:5.10.0-88\n\n - rebuild, e.g. Patch62 is missing in koji build\n\n - Tue Dec 1 2009 Stepan Kasal <skasal at redhat.com> -\n 4:5.10.0-87\n\n - fix patch-update-Compress-Raw-Zlib.patch (did not\n patch Zlib.pm)\n\n - update Compress::Raw::Zlib to 2.023\n\n - update IO::Compress::Base, and IO::Compress::Zlib to\n 2.015 (#542645)\n\n - Mon Nov 30 2009 Marcela Maslaova <mmaslano at\n redhat.com> - 4:5.10.0-86\n\n - 542645 update IO-Compress-Base\n\n - Tue Nov 24 2009 Stepan Kasal <skasal at redhat.com> -\n 4:5.10.0-85\n\n - back out perl-5.10.0-spamassassin.patch (#528572)\n\n - Thu Oct 1 2009 Chris Weyl <cweyl at alumni.drew.edu> -\n 4:5.10.0-84\n\n - add /perl(UNIVERSAL)/d; /perl(DB)/d to\n perl_default_filter auto-provides filtering\n\n - Thu Oct 1 2009 Stepan Kasal <skasal at redhat.com> -\n 4:5.10.0-83\n\n - update Storable to 2.21\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-14T00:00:00", "title": "Fedora 12 : perl-5.10.0-91.fc12 (2010-11340)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "modified": "2010-08-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:perl", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-11340.NASL", "href": "https://www.tenable.com/plugins/nessus/48324", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-11340.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48324);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1168\", \"CVE-2010-1447\");\n script_bugtraq_id(40302, 40305);\n script_xref(name:\"FEDORA\", value:\"2010-11340\");\n\n script_name(english:\"Fedora 12 : perl-5.10.0-91.fc12 (2010-11340)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jul 21 2010 Marcela Maslaova <mmaslano at\n redhat.com> - 4:5.10.0-91\n\n - CVE-2010-1168 perl Safe: Intended restriction bypass\n via object references\n\n - CVE-2010-1447 perl: Safe restriction bypass when\n reference to subroutine in compartment is called from\n outside\n\n - 576824 RT#73814 - unpack() didn't handle scalar context\n correctly\n\n - Resolves: rhbz#588269, rhbz#576508\n\n - Fri Jul 9 2010 Petr Pisar <ppisar at redhat.com> -\n 4:5.10.0-90\n\n - Add Digest::SHA requirement to perl-CPAN and\n perl-CPANPLUS (bug #612563)\n\n - Wed Jul 
7 2010 Petr Pisar <ppisar at redhat.com> -\n 4:5.10.0-89\n\n - Fix perl-5.10.0-Encode-err.patch patch to be\n applicable\n\n - Fix incorrect return code on failed extraction by\n upgrading Archive::Tar to 1.62 (bug #607687)\n\n - Wed Mar 17 2010 Marcela Maslaova <mmaslano at\n redhat.com> - 4:5.10.0-88\n\n - rebuild, e.g. Patch62 is missing in koji build\n\n - Tue Dec 1 2009 Stepan Kasal <skasal at redhat.com> -\n 4:5.10.0-87\n\n - fix patch-update-Compress-Raw-Zlib.patch (did not\n patch Zlib.pm)\n\n - update Compress::Raw::Zlib to 2.023\n\n - update IO::Compress::Base, and IO::Compress::Zlib to\n 2.015 (#542645)\n\n - Mon Nov 30 2009 Marcela Maslaova <mmaslano at\n redhat.com> - 4:5.10.0-86\n\n - 542645 update IO-Compress-Base\n\n - Tue Nov 24 2009 Stepan Kasal <skasal at redhat.com> -\n 4:5.10.0-85\n\n - back out perl-5.10.0-spamassassin.patch (#528572)\n\n - Thu Oct 1 2009 Chris Weyl <cweyl at alumni.drew.edu> -\n 4:5.10.0-84\n\n - add /perl(UNIVERSAL)/d; /perl(DB)/d to\n perl_default_filter auto-provides filtering\n\n - Thu Oct 1 2009 Stepan Kasal <skasal at redhat.com> -\n 4:5.10.0-83\n\n - update Storable to 2.21\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=576508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=588269\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/045418.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a1b13b6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected perl package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"perl-5.10.0-91.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:51", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1168", "CVE-2010-1447"], "description": "[3:5.8.5-52.el4]\n- build system contains new rpm, which can't create list of header files\n anymore (failure of rpm -ql). 
Arch specific files contain list of all\n header files for RHEL-4 or mentioned packages.\n- Related: rhbz#591160\n[3:5.8.5-50.el4]\n- CVE-2010-1168 perl Safe: Intended restriction bypass via object references\n- CVE-2010-1447 Safe 2.26 and earlier: Intended restriction bypass via Perl \n object references in code executed outside safe compartment\n Both solved by update to the v2.27.\n- Related: rhbz#591160", "edition": 4, "modified": "2010-06-07T00:00:00", "published": "2010-06-07T00:00:00", "id": "ELSA-2010-0457", "href": "http://linux.oracle.com/errata/ELSA-2010-0457.html", "title": "perl security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5302", "CVE-2008-5303", "CVE-2010-1168", "CVE-2010-1447", "CVE-2005-0448"], "description": "[4:5.8.8-32.el5.1]\n- third version of patch fix change of behaviour of rmtree for common user\n- Resolves: rhbz#597203\n[4:5.8.8-32.el5]\n- rhbz#595416 change documentation of File::Path\n- Related: rhbz#591167\n[4:5.8.8-31.el5]\n- remove previous fix\n- Related: rhbz#591167\n[4:5.8.8-30.el5]\n- change config to file on Util.so\n- Related: rhbz#594406\n[4:5.8.8-29.el5]\n- CVE-2008-5302 - use latest patch without Cwd module\n- 507378 because of our paths we need to overload old Util.so in case customer installed\n Scalar::Util from cpan. 
In this case we marked new Util.so as .rpmnew.\n- Related: rhbz#591167\n- Resolves: rhbz#594406\n[4:5.8.8-28.el5]\n- CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) \n reintroduced after upstream rebase to 5.8.8-1\n- CVE-2010-1168 perl Safe: Intended restriction bypass via object references\n- CVE-2010-1447 Safe 2.26 and earlier: Intended restriction bypass via Perl \n object references in code executed outside safe compartment\n- Related: rhbz#591167", "edition": 4, "modified": "2010-06-07T00:00:00", "published": "2010-06-07T00:00:00", "id": "ELSA-2010-0458", "href": "http://linux.oracle.com/errata/ELSA-2010-0458.html", "title": "perl security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:18", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5302", "CVE-2008-5303", "CVE-2010-1168", "CVE-2010-1447"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0458\n\n\nPerl is a high-level programming language commonly used for system\nadministration utilities and web programming. The Safe extension module\nallows users to compile and execute Perl code in restricted compartments.\nThe File::Path module allows users to create and remove directory trees.\n\nThe Safe module did not properly restrict the code of implicitly called\nmethods (such as DESTROY and AUTOLOAD) on implicitly blessed objects\nreturned as a result of unsafe code evaluation. These methods could have\nbeen executed unrestricted by Safe when such objects were accessed or\ndestroyed. A specially-crafted Perl script executed inside of a Safe\ncompartment could use this flaw to bypass intended Safe module\nrestrictions. (CVE-2010-1168)\n\nThe Safe module did not properly restrict code compiled in a Safe\ncompartment and executed out of the compartment via a subroutine reference\nreturned as a result of unsafe code evaluation. 
A specially-crafted Perl\nscript executed inside of a Safe compartment could use this flaw to bypass\nintended Safe module restrictions, if the returned subroutine reference was\ncalled from outside of the compartment. (CVE-2010-1447)\n\nMultiple race conditions were found in the way the File::Path module's\nrmtree function removed directory trees. A malicious, local user with write\naccess to a directory being removed by a victim, running a Perl script\nusing rmtree, could cause the permissions of arbitrary files to be changed\nto world-writable and setuid, or delete arbitrary files via a symbolic link\nattack, if the victim had the privileges to change the permissions of the\ntarget files or to remove them. (CVE-2008-5302, CVE-2008-5303)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton\nas the original reporter of CVE-2010-1168, and Tim Bunce and Rafael\nGarcia-Suarez as the original reporters of CVE-2010-1447.\n\nThese packages upgrade the Safe extension module to version 2.27. Refer to\nthe Safe module's Changes file, linked to in the References, for a full\nlist of changes.\n\nUsers of perl are advised to upgrade to these updated packages, which\ncorrect these issues. 
All applications using the Safe or File::Path modules\nmust be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/028754.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-June/028762.html\n\n**Affected packages:**\nperl\nperl-suidperl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0458.html", "edition": 3, "modified": "2010-06-12T12:59:15", "published": "2010-06-12T12:59:15", "href": "http://lists.centos.org/pipermail/centos-announce/2010-June/028754.html", "id": "CESA-2010:0458", "title": "perl security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:12:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-3433", "CVE-2010-1169", "CVE-2010-1168", "CVE-2010-1447"], "description": "Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the\nfollowing security problem:\n\nCVE-2010-3433\n The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30,\n 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before\n 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect\n script execution by a different SQL user identity within the same\n session, which allows remote authenticated users to gain privileges via\n crafted script code in a SECURITY DEFINER function, as demonstrated by\n (1) redefining standard functions or (2) redefining operators, a\n different vulnerability than CVE-2010-1168, CVE-2010-1169,\n CVE-2010-1170, and CVE-2010-1447.\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3433\n\nFor the lenny-backports distribution, the problem has been fixed in\nversion 1.8.5-1~bpo50+1.\n\nFor the current testing (squeeze) and unstable (sid) distributions, the\nproblem has been fixed in version 1.8.5-1.\n\nUpgrade instructions\n- --------------------\n\nIf you don't use pinning 
(see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with\nthe packagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend to pin the backports repository to 200 so that new\nversions of installed backports will be installed automatically.\n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "edition": 3, "modified": "2010-10-10T12:48:58", "published": "2010-10-10T12:48:58", "id": "DEBIAN:BSA-005-:128F5", "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201010/msg00002.html", "title": "BSA-005 Security Update for postgresql-8.4", "type": "debian", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:12:49", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1447"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2267-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 01, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : perl\nVulnerability : restriction bypass\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2010-1447 \nDebian Bug : 631529\n\nIt was discovered that Perl's Safe module - a module to compile and \nexecute code in restricted compartments - could be bypassed.\n\nPlease note that this update is known to break Petal, an XML-based \ntemplating engine (shipped with Debian 6.0/Squeeze in the package\nlibpetal-perl, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582805\nfor details). A fix is not yet available. 
If you use Petal, you might\nconsider to put the previous Perl packages on hold.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 5.10.0-19lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 5.10.1-17squeeze2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.12.3-1.\n\nWe recommend that you upgrade your perl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-07-01T18:09:08", "published": "2011-07-01T18:09:08", "id": "DEBIAN:DSA-2267-1:6948E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00138.html", "title": "[SECURITY] [DSA 2267-1] perl security update", "type": "debian", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:21:26", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4410", "CVE-2010-1168", "CVE-2010-2761", "CVE-2010-1447", "CVE-2010-4411", "CVE-2011-1487"], "description": "It was discovered that the Safe.pm Perl module incorrectly handled \nSafe::reval and Safe::rdo access restrictions. An attacker could use this \nflaw to bypass intended restrictions and possibly execute arbitrary code. \n(CVE-2010-1168, CVE-2010-1447)\n\nIt was discovered that the CGI.pm Perl module incorrectly handled certain \nMIME boundary strings. An attacker could use this flaw to inject arbitrary \nHTTP headers and perform HTTP response splitting and cross-site scripting \nattacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and \n10.10. (CVE-2010-2761, CVE-2010-4411)\n\nIt was discovered that the CGI.pm Perl module incorrectly handled newline \ncharacters. 
An attacker could use this flaw to inject arbitrary HTTP \nheaders and perform HTTP response splitting and cross-site scripting \nattacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and \n10.10. (CVE-2010-4410)\n\nIt was discovered that the lc, lcfirst, uc, and ucfirst functions did not \nproperly apply the taint attribute when processing tainted input. An \nattacker could use this flaw to bypass intended restrictions. This issue \nonly affected Ubuntu 8.04 LTS, 10.04 LTS and 10.10. (CVE-2011-1487)", "edition": 5, "modified": "2011-05-03T00:00:00", "published": "2011-05-03T00:00:00", "id": "USN-1129-1", "href": "https://ubuntu.com/security/notices/USN-1129-1", "title": "Perl vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:19", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1168"], "description": "### Background\n\nSafe is a Perl module to compile and execute code in restricted compartments. \n\n### Description\n\nUnsafe code evaluation prevents the Safe module from properly restricting the code of implicitly called methods on implicitly blessed objects. \n\n### Impact\n\nA remote attacker could entice a user to load a specially crafted Perl script, resulting in the execution of arbitrary Perl code outside of a restricted compartment. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll users of the standalone Perl Safe module should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=perl-core/Safe-2.27\"\n \n\nAll users of the Safe module bundled with Perl should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=virtual/perl-Safe-2.27\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since July 18, 2010. 
It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2011-11-20T00:00:00", "published": "2011-11-20T00:00:00", "id": "GLSA-201111-09", "href": "https://security.gentoo.org/glsa/201111-09", "type": "gentoo", "title": "Perl Safe module: Arbitrary Perl code injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-3433", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-4015", "CVE-2009-0922", "CVE-2011-2483", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-3229", "CVE-2010-1447", "CVE-2009-4136"], "edition": 1, "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the \"intarray\" module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-9.0.5:9.0\"\n \n\nAll PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-9.0.5:9.0\"\n \n\nThe old unsplit PostgreSQL packages have been removed from portage. 
Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package: \n \n \n # emerge --unmerge \"dev-db/postgresql\"", "modified": "2012-03-05T00:00:00", "published": "2011-10-25T00:00:00", "id": "GLSA-201110-22", "href": "https://security.gentoo.org/glsa/201110-22", "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:10:33", "description": "BUGTRAQ ID: 40302\r\nCVE(CAN) ID: CVE-2010-1168,CVE-2010-1974\r\n\r\nPerl\u662f\u4e00\u79cd\u514d\u8d39\u4e14\u529f\u80fd\u5f3a\u5927\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nPerl\u4e2d\u6240\u4f7f\u7528\u7684Safe\u6a21\u5757\u6ca1\u6709\u6b63\u786e\u5730\u5bf9\u7ecf\u8fc7\u9690\u5f0fbless\u5904\u7406\u7684\u5bf9\u8c61\u9650\u5236DESTROY\u548cAUTOLOAD\u7b49\u65b9\u5f0f\u7684\u4ee3\u7801\uff0c\u5728\u8bbf\u95ee\u6216\u91ca\u653e\u8fd9\u4e9b\u5bf9\u8c61\u65f6 Safe\u53ef\u80fd\u672a\u52a0\u9650\u5236\u7684\u6267\u884c\u8fd9\u4e9b\u65b9\u5f0f\u3002\u5728Safe\u9694\u79bb\u4e2d\u6240\u6267\u884c\u7684\u7279\u5236Perl\u811a\u672c\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u7ed5\u8fc7\u9884\u671f\u7684Safe\u6a21\u5757\u9650\u5236\u3002\n\nPerl < 5.12.1\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLarry Wall\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0458-02\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0458-02\uff1aModerate: perl security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0458.html", "published": 
"2010-06-09T00:00:00", "type": "seebug", "title": "Perl Safe\u6a21\u5757\u5bf9\u8c61\u5f15\u7528\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1168", "CVE-2010-1974"], "modified": "2010-06-09T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19754", "id": "SSV:19754", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:00:40", "description": "CVE ID: CVE-2005-4268,CVE-2010-0624,CVE-2007-4476,CVE-2010-2063,CVE-2010-1321,CVE-2010-1168,CVE-2010-1447,CVE-2008-5302,CVE-2008-5303\r\n\r\nVMware ESX Server\u662f\u4e3a\u9002\u7528\u4e8e\u4efb\u4f55\u7cfb\u7edf\u73af\u5883\u7684\u4f01\u4e1a\u7ea7\u865a\u62df\u8ba1\u7b97\u673a\u8f6f\u4ef6\u3002\r\n\r\nESX Console OS (COS)\u5728cpio\u3001tar\u3001perl\u3001krb5\u3001samba\u7b49\u5e94\u7528\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u5176\u4e2d\u6700\u4e25\u91cd\u7684\u6f0f\u6d1e\u53ef\u9020\u6210\u670d\u52a1\u5668\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nVMWare ESX Server\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nVMWare\r\n------\r\nVMWare\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08VMSA-2010-0013\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nVMSA-2010-0013\uff1aVMware ESX third party updates for Service Console\r\n\r\n\u94fe\u63a5\uff1ahttp://www.vmware.com/security/advisories/VMSA-2010-0013.html", "published": "2012-01-13T00:00:00", "title": "VMware ESX Service Console\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-4268", "CVE-2007-4476", "CVE-2008-5302", "CVE-2008-5303", "CVE-2010-0624", "CVE-2010-1168", "CVE-2010-1321", "CVE-2010-1447", "CVE-2010-2063"], "modified": "2012-01-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30015", "id": "SSV:30015", "sourceData": "", "cvss": {"score": 8.5, 
"vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:11:22", "description": "BUGTRAQ ID: 40215\r\nCVE ID: CVE-2010-1169,CVE-2010-1170,CVE-2010-1447\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL\u7684PL/perl\u548cPL/tcl\u5b58\u50a8\u8fc7\u7a0b\u4e2d\u5b58\u5728\u9519\u8bef\u7684\u6743\u9650\u68c0\u67e5\uff0c\u7528\u6237\u53ef\u4ee5\u7ed5\u8fc7pltcl_modules\u8868\u7b49\u5b89\u5168\u9650\u5236\u6267\u884c\u4efb\u610f Perl\u6216Tcl\u811a\u672c\u3002\n\nPostgreSQL 8.4\r\nPostgreSQL 8.3\r\nPostgreSQL 8.2\r\nPostgreSQL 8.1\r\nPostgreSQL 8.0\r\nPostgreSQL 7.4\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.postgresql.org/support/security", "published": "2010-05-20T00:00:00", "type": "seebug", "title": "PostgreSQL PL/perl\u548cPL/tcl\u5b58\u50a8\u8fc7\u7a0b\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1169", "CVE-2010-1170", "CVE-2010-1447"], "modified": "2010-05-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19652", "id": "SSV:19652", "sourceData": "", "sourceHref": "", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:44", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4476", "CVE-2008-5302", "CVE-2008-5303", "CVE-2010-1168", "CVE-2005-4268", "CVE-2010-0624", "CVE-2010-1447", "CVE-2010-1321", "CVE-2010-2063"], "description": "a. 
Service Console update for cpio \n \nThe service console package cpio is updated to version 2.5-6.RHEL3 for ESX 3.x versions and updated to version 2.6-23.el5_4.1 for ESX 4.x versions. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues addressed in the update for ESX 3.x and the names CVE-2007-4476 and CVE-2010-0624 to the issues addressed in the update for ESX 4.x. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2011-02-14T00:00:00", "published": "2010-08-31T00:00:00", "id": "VMSA-2010-0013", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0013.html", "title": "VMware ESX third party updates for Service Console", "type": "vmware", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T23:07:49", "bulletinFamily": "info", "cvelist": ["CVE-2010-1169", "CVE-2010-1170", "CVE-2010-1447"], "description": "[](<https://threatpost.com/postgresql-vulnerabilities-fixed-051710/>)PostgreSQL 7 and 8 users are advised to update their installations as the development team has released new versions which fix a vulnerability classed as moderately severe in PL/perl and PL/tcl. CVE-2010-1169, CVE-2010-1447 and CVE-2010-1170 reports detail the vulnerabilities involved. [Read the full article](<http://www.h-online.com/security/news/item/PostgreSQL-developers-fix-vulnerabilities-1001307.html>). [The H Security]\n", "modified": "2018-08-15T12:46:00", "published": "2010-05-17T14:36:50", "id": "THREATPOST:3C2288E116082B4098F488709A15B059", "href": "https://threatpost.com/postgresql-vulnerabilities-fixed-051710/73976/", "type": "threatpost", "title": "PostgreSQL Vulnerabilities Fixed", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}