FreeBSD : perl -- denial of service via algorithmic complexity attack on hashing routines (68c1f75b-8824-11e2-9996-c48508086173)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Perl developers report :

In order to prevent an algorithmic complexity attack against its
hashing mechanism, perl will sometimes recalculate keys and
redistribute the contents of a hash. This mechanism has made perl
robust against attacks that have been demonstrated against other
systems.

Research by Yves Orton has recently uncovered a flaw in the rehashing
code which can result in pathological behavior. This flaw could be
exploited to carry out a denial of service attack against code that
uses arbitrary user input as hash keys.

Because using user-provided strings as hash keys is a very common
operation, we urge users of perl to update their perl executable as
soon as possible.

See also :

http://www.nessus.org/u?b5e01fb8
http://www.nessus.org/u?b7a4d00f

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 65199

Bugtraq ID:

CVE ID: CVE-2013-1667
