The remote Solaris system is missing necessary patches to address security updates :

  - Race condition in the rmtree function in the File::Path     module in Perl 5.6.1 and 5.8.4 sets read/write     permissions for the world, which allows local users to     delete arbitrary files and directories, and possibly     read files and directories, via a symlink attack.
    (CVE-2004-0452)

  - Buffer overflow in the PerlIO implementation in Perl     5.8.0, when installed with setuid support (sperl),     allows local users to execute arbitrary code by setting     the PERLIO_DEBUG variable and executing a Perl script     whose full pathname contains a long directory tree.
    (CVE-2005-0156)

  - Race condition in the rmtree function in File::Path.pm     in Perl before 5.8.4 allows local users to create     arbitrary setuid binaries in the tree being deleted, a     different vulnerability than CVE-2004-0452.
    (CVE-2005-0448)

  - Untrusted search path vulnerability in Perl before     5.8.7-r1 on Gentoo Linux allows local users in the     portage group to gain privileges via a malicious shared     object in the Portage temporary build directory, which     is part of the RUNPATH. (CVE-2005-4278)

  - Integer overflow in the regular expression engine in     Perl 5.8.x allows context-dependent attackers to cause a     denial of service (stack consumption and application     crash) by matching a crafted regular expression against     a long string. (CVE-2010-1158)

  - Off-by-one error in the decode_xs function in     Unicode/Unicode.xs in the Encode module before 2.44, as     used in Perl before 5.15.6, might allow     context-dependent attackers to cause a denial of service     (memory corruption) via a crafted Unicode string, which     triggers a heap-based buffer overflow. (CVE-2011-2939)

  - CGI.pm module before 3.63 for Perl does not properly     escape newlines in (1) Set-Cookie or (2) P3P headers,     which might allow remote attackers to inject arbitrary     headers into responses from applications that use     CGI.pm. (CVE-2012-5526)

Detections

Analytics

Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_5526_configuration_vulnerability1)

high Nessus Plugin ID 80731

No changelogs found