Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CentOS Update for perl CESA-2013:0685 centos5

🗓️ 28 Mar 2013 00:00:00Reported by Copyright (c) 2013 Greenbone Networks GmbHType 
openvas
 openvas🔗 plugins.openvas.org👁 29 Views

CentOS Update for perl CESA-2013:0685 centos5. Heap overflow, denial of service, CGI and Locale::Maketext vulnerabilities fixed. Upgrade to updated packages

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today		Perl 5 Memory Corruption Vulnerability
27 Oct 201200:00
zdt
0day.today		TWiki 5.1.2 Command Execution Vulnerability
15 Dec 201200:00
zdt
0day.today		Foswiki 1.0.10 / 1.1.6 Code Injection / Denial Of Service
18 Dec 201200:00
zdt
0day.today		Foswiki MAKETEXT Remote Command Execution Vulnerability
23 Dec 201200:00
zdt
0day.today		TWiki MAKETEXT Remote Command Execution Vulnerability
23 Dec 201200:00
zdt
0day.today		Foswiki MAKETEXT 1.1.7 / 1.0.10 Code Execution Vulnerability
20 Feb 201300:00
zdt
FreeBSD		perl -- denial of service via algorithmic complexity attack on hashing routines
4 Mar 201300:00
freebsd
ALT Linux		Security fix for the ALT Linux 6 package perl version 1:5.12.5-alt1.M60P.1
10 Nov 201200:00
altlinux
ALT Linux		Security fix for the ALT Linux 7 package perl version 1:5.16.3-alt1
12 Mar 201300:00
altlinux
Tenable Nessus		AIX Perl Advisory : perl_advisory4.asc
28 Apr 201400:00
nessus
Rows per page
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for perl CESA-2013:0685 centos5 
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Perl is a high-level programming language commonly used for system
  administration utilities and web programming.

  A heap overflow flaw was found in Perl. If a Perl application allowed
  user input to control the count argument of the string repeat operator, an
  attacker could cause the application to crash or, potentially, execute
  arbitrary code with the privileges of the user running the application.
  (CVE-2012-5195)
  
  A denial of service flaw was found in the way Perl's rehashing code
  implementation, responsible for recalculation of hash keys and
  redistribution of hash content, handled certain input. If an attacker
  supplied specially-crafted input to be used as hash keys by a Perl
  application, it could cause excessive memory consumption. (CVE-2013-1667)
  
  It was found that the Perl CGI module, used to handle Common Gateway
  Interface requests and responses, incorrectly sanitized the values for
  Set-Cookie and P3P headers. If a Perl application using the CGI module
  reused cookies values and accepted untrusted input from web browsers, a
  remote attacker could use this flaw to alter member items of the cookie or
  add new items. (CVE-2012-5526)
  
  It was found that the Perl Locale::Maketext module, used to localize Perl
  applications, did not properly handle backslashes or fully-qualified method
  names. An attacker could possibly use this flaw to execute arbitrary Perl
  code with the privileges of a Perl application that uses untrusted
  Locale::Maketext templates. (CVE-2012-6329)
  
  Red Hat would like to thank the Perl project for reporting CVE-2012-5195
  and CVE-2013-1667. Upstream acknowledges Tim Brown as the original
  reporter of CVE-2012-5195 and Yves Orton as the original reporter of
  CVE-2013-1667.
  
  All Perl users should upgrade to these updated packages, which contain
  backported patches to correct these issues. All running Perl programs
  must be restarted for this update to take effect.";


tag_affected = "perl on CentOS 5";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2013-March/019668.html");
  script_id(881700);
  script_version("$Revision: 8466 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $");
  script_tag(name:"creation_date", value:"2013-03-28 09:49:47 +0530 (Thu, 28 Mar 2013)");
  script_cve_id("CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name: "CESA", value: "2013:0685");
  script_name("CentOS Update for perl CESA-2013:0685 centos5 ");

  script_tag(name: "summary" , value: "Check for the Version of perl");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS5")
{

  if ((res = isrpmvuln(pkg:"perl", rpm:"perl~5.8.8~40.el5_9", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"perl-suidperl", rpm:"perl-suidperl~5.8.8~40.el5_9", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Jan 2018 00:00Current
EPSS0.61604
centos 5perlheap overflowdenial of servicecgilocale::maketextcve-2012-5195cve-2012-5526cve-2012-6329cve-2013-1667update required
29