Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_6329_code_injection1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing the patches that address the
following security issue :

- The _compile function in Maketext.pm in the
Locale::Maketext implementation in Perl before 5.17.7
does not properly handle backslashes and fully qualified
method names during compilation of bracket notation,
which allows context-dependent attackers to execute
arbitrary commands via crafted input to an application
that accepts translation strings from users, as
demonstrated by the TWiki application before 5.1.3, and
the Foswiki application 1.0.x through 1.0.10 and 1.1.x
through 1.1.6. (CVE-2012-6329)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?85ee1b9d

Solution :

Upgrade to Solaris 11.1.7.5.0.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Solaris Local Security Checks

Nessus Plugin ID: 80730

Bugtraq ID:

CVE ID: CVE-2012-6329
