Veracode Vulnerability DatabaseVERACODE:24751Arbitrary Code Execution
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
perl is vulnerable to arbitrary code execution. It was found that the “new” constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.
References
aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc
cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
secunia.com/advisories/46279
secunia.com/advisories/51457
www.mandriva.com/security/advisories?name=MDVSA-2012:008
www.mandriva.com/security/advisories?name=MDVSA-2012:009
www.redhat.com/support/errata/RHSA-2011-1424.html
www.redhat.com/support/errata/RHSA-2011-1797.html
www.securityfocus.com/bid/49911
www.ubuntu.com/usn/USN-1643-1
access.redhat.com/errata/RHSA-2011:1797
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=743010
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P