FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

SO-AND-SO reports :

CVE-2017-12814: $ENV{$key} stack-based buffer overflow on Windows

A possible stack-based buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous
anyway.

CVE-2017-12837: Heap buffer overflow in regular expression compiler

Compiling certain regular expression patterns with the
case-insensitive modifier could cause a heap buffer overflow and crash
perl. This has now been fixed.

CVE-2017-12883: Buffer over-read in regular expression parser

For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.

See also :

https://metacpan.org/changes/release/SHAY/perl-5.24.3
https://metacpan.org/changes/release/SHAY/perl-5.26.1
http://www.nessus.org/u?cfaa9e60

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 103442

CVE ID: CVE-2017-12814, CVE-2017-12837, CVE-2017-12883