AIX Perl Advisory : perl_advisory4.asc
High Nessus Plugin ID 73735
Synopsis
The remote AIX host has a vulnerable version of Perl.
Description
The version of Perl on the remote host is affected by a code execution vulnerability.
The _compile function in Locale::Maketext in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation. This could allow context-dependent attackers to execute arbitrary commands via crafted input.
Solution
A fix is available, and it can be downloaded from the AIX website.
For AIX 5.3 or AIX 6.1, use perl61.zip, and for AIX 7.1 use perl71.zip.
IMPORTANT : If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.
To preview the fix installation :
installp -apYd . perl
To install the fix package :
installp -aXYd . perl
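
Added example (not part of the advisory or the vendor fix): the flaw sits in how bracket notation is compiled, so application code should also keep untrusted text out of the string passed to maketext(), either by passing it as an argument or by escaping it with Locale::Maketext's `~` escape character. The class names My::L10N and My::L10N::en, the helper escape_maketext and the sample input are hypothetical.

```perl
use strict;
use warnings;

# Hypothetical lexicon classes, defined inline so the example is self-contained.
package My::L10N;
use Locale::Maketext;
our @ISA = ('Locale::Maketext');

package My::L10N::en;
our @ISA = ('My::L10N');
our %Lexicon = (_AUTO => 1);    # unknown keys are compiled as templates

package main;

# Escape the three characters that are special in bracket notation
# ('[', ']' and the escape character '~') so the text is compiled as a literal.
sub escape_maketext {
    my ($text) = @_;
    $text =~ s/([~\[\]])/~$1/g;
    return $text;
}

my $lh = My::L10N->get_handle('en')
    or die "could not get a language handle\n";

# Constructed sample of externally supplied text containing special characters.
my $untrusted = 'report [2024] ~ draft';

# Preferred: the template is a constant, the untrusted value is only an
# argument. Arguments are substituted at call time and never compiled.
print $lh->maketext('File name: [_1]', $untrusted), "\n";

# If untrusted text has to be embedded in the template string itself,
# escape it first so no bracket group in it is compiled.
print $lh->maketext('File name: ' . escape_maketext($untrusted)), "\n";
```

Both calls print the sample text literally. This limits what reaches the bracket-notation compiler; it does not replace installing the fix package.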