Veracode Vulnerability DatabaseVERACODE:24772Arbitrary Code Execution
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
perl is vulnerable to arbitrary code execution. The vulnerability exists as a heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program.
| CPE | Name | Operator | Version |
|---|---|---|---|
| perl | eq | 5.10.1__115.el6 | |
| perl | eq | 5.10.1__115.el6 |
References
cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod
perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29
search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)
secunia.com/advisories/46172
secunia.com/advisories/46989
secunia.com/advisories/51457
secunia.com/advisories/55314
www.mandriva.com/security/advisories?name=MDVSA-2012:008
www.openwall.com/lists/oss-security/2011/08/18/8
www.openwall.com/lists/oss-security/2011/08/19/17
www.redhat.com/support/errata/RHSA-2011-1424.html
www.securityfocus.com/bid/49858
www.ubuntu.com/usn/USN-1643-1
access.redhat.com/errata/RHSA-2011:1424
access.redhat.com/security/cve/CVE-2011-2939
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=731246
Related
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P