Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20964
HistorySep 30, 2011 - 12:00 a.m.

Perl "decode_xs()"和"File::Glob::bsd_glob()"远程代码执行漏洞

2011-09-3000:00:00
Root
www.seebug.org
20

0.02 Low

EPSS

Percentile

87.7%

JSON

BUGTRAQ ID: 49858
CVE ID: CVE-2011-2728,CVE-2011-2939

Perl是一种高级、通用、直译式、动态的程序语言。

Perl的"decode_xs()"和"File::Glob::bsd_glob()"函数在实现上存在远程代码执行漏洞,远程攻击者可利用此漏洞执行任意代码。

1)在处理GLOB_ALTDIRFUNC旗标时,"File::Glob::bsd_glob()"函数中存在的错误可被利用造成非法访问和执行任意代码。

2)Encode中的"decode_xs()"函数中的错误可通过特制输入造成堆缓冲区溢出。

Perl 5.14.1
厂商补丁:

Perl

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.perl.com

Related

nessus 16
gentoo 1
openvas 21
cve 2
ubuntucve 2
veracode 1
prion 2
debiancve 2
altlinux 2
redhat 1
fedora 3
oraclelinux 1
securityvulns 3
amazon 1
f5 1
suse 2
ubuntu 1
nessus
nessus
GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities
2014-01-20 00:00:00
Oracle Solaris Third-Party Patch Update : perl-58 (cve_2011_2728_denial_of)
2015-01-19 00:00:00
openSUSE Security Update : perl (openSUSE-SU-2011:1278-1)
2014-06-13 00:00:00
gentoo
gentoo
Perl, Locale Maketext Perl module: Multiple vulnerabilities
2014-01-19 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201401-11
2015-09-29 00:00:00
Strawberry Perl Modules Multiple Vulnerabilities (Windows)
2012-01-17 00:00:00
Active Perl Modules Multiple Vulnerabilities (Windows)
2013-03-27 00:00:00
cve
cve
CVE-2011-2728
2012-12-21 05:46:00
CVE-2011-2939
2012-01-13 18:55:00
ubuntucve
ubuntucve
CVE-2011-2728
2012-12-21 00:00:00
CVE-2011-2939
2012-01-13 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:04:11
prion
prion
Null pointer dereference
2012-12-21 05:46:00
Heap overflow
2012-01-13 18:55:00
debiancve
debiancve
CVE-2011-2728
2012-12-21 05:46:00
CVE-2011-2939
2012-01-13 18:55:00
altlinux
altlinux
Security fix for the ALT Linux 6 package perl-Encode version 2.47-alt0.M60P.1
2012-10-30 00:00:00
Security fix for the ALT Linux 6 package perl version 1:5.12.5-alt1.M60P.1
2012-11-10 00:00:00
redhat
redhat
(RHSA-2011:1424) Moderate: perl security update
2011-11-03 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: perl-5.14.3-205.fc16
2013-01-24 21:54:55
[SECURITY] Fedora 16 Update: perl-5.14.3-203.fc16
2012-12-18 02:24:56
[SECURITY] Fedora 14 Update: perl-5.12.4-147.fc14
2011-11-03 00:22:52
oraclelinux
oraclelinux
perl security update
2011-11-03 00:00:00
securityvulns
securityvulns
perl security vulnerabilities
2012-01-20 00:00:00
perl multiple security vulnerabilities
2012-12-02 00:00:00
[USN-1643-1] Perl vulnerabilities
2012-12-02 00:00:00
amazon
amazon
Medium: perl
2011-11-09 21:48:00
f5
f5
K83058481 : Perl vulnerabilities CVE-2011-1487, CVE-2011-2939, and CVE-2011-3597
2017-10-16 00:00:00
suse
suse
Security update for Perl (important)
2013-03-13 00:05:35
Security update for Perl (important)
2013-03-13 00:05:41
ubuntu
ubuntu
Perl vulnerabilities
2012-11-30 00:00:00

0.02 Low

EPSS

Percentile

87.7%

JSON
Related for SSV:20964
nessus16gentoo1openvas21cve2ubuntucve2veracode1prion2debiancve2altlinux2redhat1fedora3oraclelinux1securityvulns3amazon1f51suse2ubuntu1