Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-1487
HistoryApr 11, 2011 - 12:00 a.m.

CVE-2011-1487

2011-04-1100:00:00
ubuntu.com
ubuntu.com
6

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.017

Percentile

87.8%

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x,
5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply
the taint attribute to the return value upon processing tainted input,
which might allow context-dependent attackers to bypass the taint
protection mechanism via a crafted string.

Bugs

Notes

Author Note
mdeslaur see: http://www.nntp.perl.org/group/perl.perl5.porters/2011/04/msg171010.html dapper and hardy were before the vulnerable code was introduced
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchperl< 5.10.1-8ubuntu2.1UNKNOWN
ubuntu10.10noarchperl< 5.10.1-12ubuntu2.1UNKNOWN
ubuntu11.04noarchperl< 5.10.1-17ubuntu4.1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.017

Percentile

87.8%