Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
USN-222-1 fixed a vulnerability in the Perl interpreter. It was
discovered that the version of USN-222-1 was not sufficient to handle
all possible cases of malformed input that could lead to arbitrary
code execution, so another update is necessary.
Original advisory :
Jack Louis of Dyad Security discovered that Perl did not sufficiently
check the explicit length argument in format strings. Specially
crafted format strings with overly large length arguments led to a
crash of the Perl interpreter or even to execution of arbitrary
attacker-defined code with the privileges of the user running the Perl
However, this attack was only possible in insecure Perl
programs which use variables with user-defined values in
string interpolations without checking their validity.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.6
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 20765 ()
CVE ID: CVE-2005-3962