Perl 5.22 Buffer Overflow Vulnerability

High Log Correlation Engine Plugin ID 802000

Synopsis

The specific version of Perl that this Apache server is running is vulnerable to a buffer overflow attack..

Description

Perl contains an overflow condition in the VDir::MapPathA() function. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
Technical Information: Note: Programming language vulnerability. This code is used in a wide variety of software and the issue may manifest in a number of different ways. Depending on the implementation, it varies if this vulnerability requires local access or may be exploited remotely.

Solution

A patch has been released to address this issue. Apply the vendor's patch or update to a later version.

See Also

https://rt.perl.org/Public/Bug/Display.html?id=126755

http://autosectools.com/Perl-VDir-MapPath-Out-of-bounds-Read

https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html

Plugin Details

Severity: High

ID: 802000

Family: Generic

Published: 2016/06/02

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2016/12/15

Vulnerability Publication Date: 2016/01/16

Reference Information

CVE: CVE-2015-8608