FreeBSD : eperl -- Remote code execution (73efb1b7-07ec-11e2-a391-000c29033c32)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

David Madison reports :

ePerl is a multipurpose Perl filter and interpreter program for Unix
systems. The ePerl preprocessor contains an input validation error.
The preprocessor allows foreign data to be 'safely' included using the
'sinclude' directive.

The problem occurs when a file referenced by a 'sinclude' directive
contains an 'include' directive; the contents of the file referred to
by the second directive will be loaded and executed.

See also :

http://www.shmoo.com/mail/bugtraq/jun01/msg00286.shtml
http://xforce.iss.net/xforce/xfdb/6743
http://osvdb.org/show/osvdb/1880
http://www.nessus.org/u?fe04bb1e

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 62341

Bugtraq ID: 2912

CVE ID: CVE-2001-0733
