Mandriva Linux Security Advisory : perl (MDVSA-2013:113)

high Nessus Plugin ID 66125
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated perl packages fix security vulnerability :

It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code (CVE-2012-5195).

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users (CVE-2012-6329).

In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash. This mechanism has made perl robust against attacks that have been demonstrated against other systems. Research by Yves Orton has recently uncovered a flaw in the rehashing code which can result in pathological behavior. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Because using user-provided strings as hash keys is a very common operation, we urge users of perl to update their perl executable as soon as possible.
Updates to address this issue have bene pushed to main-5.8, maint-5.10, maint-5.12, maint-5.14, and maint-5.16 branches today.
Vendors* were informed of this problem two weeks ago and are expected to be shipping updates today (or otherwise very soon) (CVE-2013-1667).

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 66125

File Name: mandriva_MDVSA-2013-113.nasl

Version: 1.25

Type: local

Published: 4/20/2013

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:perl, p-cpe:/a:mandriva:linux:perl-Locale-Maketext, p-cpe:/a:mandriva:linux:perl-base, p-cpe:/a:mandriva:linux:perl-devel, p-cpe:/a:mandriva:linux:perl-doc, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/10/2013

Exploitable With

Metasploit (TWiki MAKETEXT Remote Command Execution)

Elliot (Foswiki 1.1.5 RCE)

Reference Information

CVE: CVE-2012-5195, CVE-2012-6329, CVE-2013-1667

BID: 56287, 56950, 58311

MDVSA: 2013:113

MGASA: 2012-0352, 2013-0032, 2013-0094