Ubuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Jack Louis of Dyad Security discovered that Perl did not sufficiently
check the explicit length argument in format strings. Specially
crafted format strings with overly large length arguments led to a
crash of the Perl interpreter or even to execution of arbitrary
attacker-defined code with the privileges of the user running the Perl

However, this attack was only possible in insecure Perl programs which
use variables with user-defined values in string interpolations
without checking their validity.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.6

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20764

Bugtraq ID:

CVE ID: CVE-2005-3962