Detections
Analytics

MiracleLinux 4 : perl-5.10.1-119.AXS4 (AXSA:2011-570:01)

critical Nessus Plugin ID 283989

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-570:01 advisory.

 Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common applications are system administration utilities and web programming. A large proportion of the CGI scripts on the web are written in Perl. You need the perl package installed on your system so that your system can handle Perl scripts.
 Install this package if you want to program in Perl or enable your system to handle Perl scripts.
 Security issues fixed with this release:
 CVE-2010-2761 The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
 CVE-2010-4410 CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172.
 CVE-2011-1487 The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
 Fixed bugs:
 - Version 3.17 of the Test::Harness distribution removed the support for the fork-based parallel testing, and 'prove' does not support this option any longer. Both the manual page and the output of the prove
 --help command have been updated so that --fork is no longer included in the list of available command line options.
 - Due to a packaging error, the perl packages did not include the NDBM_File module. This has been corrected.
 - When using the threads module, continual creation and destruction of threads could cause the Perl program to consume an increasing amount of memory and then to leak memory. This has been fixed: the memory is freeed when a thread is destroyed.
 - The following error message would appear when a user started the cpan command line interface and attempted to download a distribution from CPAN:
 CPAN: checksum security checks disabled because Digest::SHA not installed. Please consider installing the Digest::SHA module.
 This was because the perl packages did not require the Digest::SHA module as a dependency. The spec file has been corrected to include perl-Digest-SHA package as a dependency and this error no longer occurs.
 - With the threads module, sending a signal to a thread that did not have a signal handler specified made the perl interpreter to terminate unexpectedly with a segmentation fault. The threads module has been updated to upstream version 1.82, which fixes this bug.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/2463

Plugin Details

Severity: Critical

ID: 283989

File Name: miracle_linux_AXSA-2011-570.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2011-1487

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2010-4410

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:perl-libs, p-cpe:/a:miracle:linux:perl-extutils-embed, p-cpe:/a:miracle:linux:perl-io-zlib, p-cpe:/a:miracle:linux:perl, p-cpe:/a:miracle:linux:perl-devel, p-cpe:/a:miracle:linux:perl-time-piece, p-cpe:/a:miracle:linux:perl-locale-maketext-simple, p-cpe:/a:miracle:linux:perl-module-loaded, p-cpe:/a:miracle:linux:perl-cpan, p-cpe:/a:miracle:linux:perl-suidperl, p-cpe:/a:miracle:linux:perl-archive-tar, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:perl-module-build, p-cpe:/a:miracle:linux:perl-module-load-conditional, p-cpe:/a:miracle:linux:perl-term-ui, p-cpe:/a:miracle:linux:perl-module-pluggable, p-cpe:/a:miracle:linux:perl-compress-raw-zlib, p-cpe:/a:miracle:linux:perl-object-accessor, p-cpe:/a:miracle:linux:perl-digest-sha, p-cpe:/a:miracle:linux:perl-module-load, p-cpe:/a:miracle:linux:perl-version, p-cpe:/a:miracle:linux:perl-cgi, p-cpe:/a:miracle:linux:perl-package-constants, p-cpe:/a:miracle:linux:perl-pod-simple, p-cpe:/a:miracle:linux:perl-extutils-cbuilder, p-cpe:/a:miracle:linux:perl-extutils-parsexs, p-cpe:/a:miracle:linux:perl-log-message-simple, p-cpe:/a:miracle:linux:perl-io-compress-zlib, p-cpe:/a:miracle:linux:perl-compress-zlib, p-cpe:/a:miracle:linux:perl-module-corelist, p-cpe:/a:miracle:linux:perl-pod-escapes, p-cpe:/a:miracle:linux:perl-ipc-cmd, p-cpe:/a:miracle:linux:perl-parent, p-cpe:/a:miracle:linux:perl-parse-cpan-meta, p-cpe:/a:miracle:linux:perl-file-fetch, p-cpe:/a:miracle:linux:perl-log-message, p-cpe:/a:miracle:linux:perl-io-compress-base, p-cpe:/a:miracle:linux:perl-test-simple, p-cpe:/a:miracle:linux:perl-params-check, p-cpe:/a:miracle:linux:perl-test-harness, p-cpe:/a:miracle:linux:perl-core, p-cpe:/a:miracle:linux:perl-extutils-makemaker, p-cpe:/a:miracle:linux:perl-archive-extract, p-cpe:/a:miracle:linux:perl-time-hires, p-cpe:/a:miracle:linux:perl-cpanplus

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/29/2011

Vulnerability Publication Date: 8/19/2010

Reference Information

CVE: CVE-2010-2761, CVE-2010-4410, CVE-2011-1487