AIX Perl Advisory : perl_advisory4.asc
High Nessus Plugin ID 73735
Synopsis
The remote AIX host has a vulnerable version of Perl.
Description
The version of Perl on the remote host is affected by a code execution vulnerability.
The _compile function in Locale::Maketext in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation. This could allow context-dependent attackers to execute arbitrary commands via crafted input.
Solution
A fix is available, and it can be downloaded from the AIX website.
For AIX 5.3 or AIX 6.1, use perl61.zip, and for AIX 7.1 use perl71.zip.
IMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.
To preview the fix installation:
installp -apYd . perl
To install the fix package:
installp -aXYd . perl