ID CVE-2012-1151
Summary Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
References
Vulnerable Configurations
  • Perl 2.18.0
    cpe:2.3:a:perl:perl:2.18.0
  • Perl 2.17.2
    cpe:2.3:a:perl:perl:2.17.2
  • Perl 2.17.1
    cpe:2.3:a:perl:perl:2.17.1
  • Perl 2.17.0
    cpe:2.3:a:perl:perl:2.17.0
  • Perl 2.16.1
    cpe:2.3:a:perl:perl:2.16.1
  • Perl 2.16.0
    cpe:2.3:a:perl:perl:2.16.0
  • Perl 2.15.1
    cpe:2.3:a:perl:perl:2.15.1
  • Perl 2.15.0
    cpe:2.3:a:perl:perl:2.15.0
  • Perl 2.14.1
    cpe:2.3:a:perl:perl:2.14.1
  • Perl 2.14.0
    cpe:2.3:a:perl:perl:2.14.0
  • Perl 2.13.0
    cpe:2.3:a:perl:perl:2.13.0
  • Perl 2.12.0
    cpe:2.3:a:perl:perl:2.12.0
  • Perl 2.11.8
    cpe:2.3:a:perl:perl:2.11.8
  • Perl 2.11.7
    cpe:2.3:a:perl:perl:2.11.7
  • Perl 2.11.6
    cpe:2.3:a:perl:perl:2.11.6
  • Perl 2.11.5
    cpe:2.3:a:perl:perl:2.11.5
  • Perl 2.11.4
    cpe:2.3:a:perl:perl:2.11.4
  • Perl 2.11.3
    cpe:2.3:a:perl:perl:2.11.3
  • Perl 2.11.2
    cpe:2.3:a:perl:perl:2.11.2
  • Perl 2.11.1
    cpe:2.3:a:perl:perl:2.11.1
  • Perl 2.11.0
    cpe:2.3:a:perl:perl:2.11.0
  • Perl 2.10.7
    cpe:2.3:a:perl:perl:2.10.7
  • Perl 2.10.6
    cpe:2.3:a:perl:perl:2.10.6
  • Perl 2.10.5
    cpe:2.3:a:perl:perl:2.10.5
  • Perl 2.10.4
    cpe:2.3:a:perl:perl:2.10.4
  • Perl 2.10.3
    cpe:2.3:a:perl:perl:2.10.3
  • Perl 2.10.2
    cpe:2.3:a:perl:perl:2.10.2
  • Perl 2.10.1
    cpe:2.3:a:perl:perl:2.10.1
  • Perl 2.10.0
    cpe:2.3:a:perl:perl:2.10.0
  • Perl 2.9.2
    cpe:2.3:a:perl:perl:2.9.2
  • Perl 2.9.1
    cpe:2.3:a:perl:perl:2.9.1
  • Perl 2.9.0
    cpe:2.3:a:perl:perl:2.9.0
  • Perl 2.8.8
    cpe:2.3:a:perl:perl:2.8.8
  • Perl 2.8.7
    cpe:2.3:a:perl:perl:2.8.7
  • Perl 2.8.6
    cpe:2.3:a:perl:perl:2.8.6
  • Perl 2.8.5
    cpe:2.3:a:perl:perl:2.8.5
  • Perl 2.8.4
    cpe:2.3:a:perl:perl:2.8.4
  • Perl 2.8.3
    cpe:2.3:a:perl:perl:2.8.3
  • Perl 2.8.2
    cpe:2.3:a:perl:perl:2.8.2
  • Perl 2.8.1
    cpe:2.3:a:perl:perl:2.8.1
  • Perl 2.8.0
    cpe:2.3:a:perl:perl:2.8.0
  • Perl 2.7.2
    cpe:2.3:a:perl:perl:2.7.2
  • Perl 2.7.1
    cpe:2.3:a:perl:perl:2.7.1
  • Perl 2.7.0
    cpe:2.3:a:perl:perl:2.7.0
  • Perl 2.6.6
    cpe:2.3:a:perl:perl:2.6.6
  • Perl 2.6.5
    cpe:2.3:a:perl:perl:2.6.5
  • Perl 2.6.4
    cpe:2.3:a:perl:perl:2.6.4
  • Perl 2.6.3
    cpe:2.3:a:perl:perl:2.6.3
  • Perl 2.6.2
    cpe:2.3:a:perl:perl:2.6.2
  • Perl 2.6.1
    cpe:2.3:a:perl:perl:2.6.1
  • Perl 2.6.0
    cpe:2.3:a:perl:perl:2.6.0
  • Perl 2.5.1
    cpe:2.3:a:perl:perl:2.5.1
  • Perl 2.5.0
    cpe:2.3:a:perl:perl:2.5.0
  • Perl 2.4.0
    cpe:2.3:a:perl:perl:2.4.0
  • Perl 2.3.0
    cpe:2.3:a:perl:perl:2.3.0
  • Perl 2.2.2
    cpe:2.3:a:perl:perl:2.2.2
  • Perl 2.2.1
    cpe:2.3:a:perl:perl:2.2.1
  • Perl 2.2.0
    cpe:2.3:a:perl:perl:2.2.0
  • Perl 2.1.3
    cpe:2.3:a:perl:perl:2.1.3
  • Perl 2.1.2
    cpe:2.3:a:perl:perl:2.1.2
  • Perl 2.1.1
    cpe:2.3:a:perl:perl:2.1.1
  • Perl 2.1.0
    cpe:2.3:a:perl:perl:2.1.0
  • Perl 2.0.0
    cpe:2.3:a:perl:perl:2.0.0
  • Perl 1.49
    cpe:2.3:a:perl:perl:1.49
  • Perl 1.48
    cpe:2.3:a:perl:perl:1.48
  • Perl 1.47
    cpe:2.3:a:perl:perl:1.47
  • Perl 1.46
    cpe:2.3:a:perl:perl:1.46
  • Perl 1.45
    cpe:2.3:a:perl:perl:1.45
  • Perl 1.44
    cpe:2.3:a:perl:perl:1.44
  • Perl 1.43
    cpe:2.3:a:perl:perl:1.43
  • Perl 1.42
    cpe:2.3:a:perl:perl:1.42
  • Perl 1.41
    cpe:2.3:a:perl:perl:1.41
  • Perl 1.40
    cpe:2.3:a:perl:perl:1.40
  • Perl 1.32
    cpe:2.3:a:perl:perl:1.32
  • Perl 1.31
    cpe:2.3:a:perl:perl:1.31
  • Perl 1.22
    cpe:2.3:a:perl:perl:1.22
  • Perl 1.21
    cpe:2.3:a:perl:perl:1.21
  • Perl 1.20
    cpe:2.3:a:perl:perl:1.20
  • Perl 1.01
    cpe:2.3:a:perl:perl:1.01
  • Perl 1.00
    cpe:2.3:a:perl:perl:1.00
  • Perl 0.99
    cpe:2.3:a:perl:perl:0.99
  • Perl 0.98
    cpe:2.3:a:perl:perl:0.98
  • Perl 0.97
    cpe:2.3:a:perl:perl:0.97
  • Perl 0.96
    cpe:2.3:a:perl:perl:0.96
  • Perl 0.95
    cpe:2.3:a:perl:perl:0.95
  • Perl 0.94
    cpe:2.3:a:perl:perl:0.94
  • Perl 0.93
    cpe:2.3:a:perl:perl:0.93
  • Perl 0.92
    cpe:2.3:a:perl:perl:0.92
  • Perl 0.91
    cpe:2.3:a:perl:perl:0.91
  • Perl 0.90
    cpe:2.3:a:perl:perl:0.90
  • Perl 0.89
    cpe:2.3:a:perl:perl:0.89
  • Perl 0.88
    cpe:2.3:a:perl:perl:0.88
  • Perl 0.87
    cpe:2.3:a:perl:perl:0.87
  • Perl 0.86
    cpe:2.3:a:perl:perl:0.86
  • Perl 0.85
    cpe:2.3:a:perl:perl:0.85
  • Perl 0.84
    cpe:2.3:a:perl:perl:0.84
  • Perl 0.83
    cpe:2.3:a:perl:perl:0.83
  • Perl 0.82
    cpe:2.3:a:perl:perl:0.82
  • Perl 0.81
    cpe:2.3:a:perl:perl:0.81
  • Perl 0.80
    cpe:2.3:a:perl:perl:0.80
  • Perl 0.73
    cpe:2.3:a:perl:perl:0.73
  • Perl 0.72
    cpe:2.3:a:perl:perl:0.72
  • Perl 0.71
    cpe:2.3:a:perl:perl:0.71
  • Perl 0.70
    cpe:2.3:a:perl:perl:0.70
  • Perl 0.69
    cpe:2.3:a:perl:perl:0.69
  • Perl 0.68
    cpe:2.3:a:perl:perl:0.68
  • Perl 0.67
    cpe:2.3:a:perl:perl:0.67
  • Perl 0.66
    cpe:2.3:a:perl:perl:0.66
  • Perl 0.65
    cpe:2.3:a:perl:perl:0.65
  • Perl 0.64
    cpe:2.3:a:perl:perl:0.64
  • Perl 0.63
    cpe:2.3:a:perl:perl:0.63
  • Perl 0.62
    cpe:2.3:a:perl:perl:0.62
  • Perl 0.61
    cpe:2.3:a:perl:perl:0.61
  • Perl 0.52
    cpe:2.3:a:perl:perl:0.52
  • Perl 0.5
    cpe:2.3:a:perl:perl:0.5
  • Perl 0.4
    cpe:2.3:a:perl:perl:0.4
  • Perl 0.3
    cpe:2.3:a:perl:perl:0.3
  • Perl 0.2
    cpe:2.3:a:perl:perl:0.2
  • Perl 0.1
    cpe:2.3:a:perl:perl:0.1
  • Perl 2.18.1
    cpe:2.3:a:perl:perl:2.18.1
CVSS
Base: 5.0 (as of 10-09-2012 - 12:49)
Impact:
Exploitability:
CWE CWE-134
CAPEC
  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting characters. For example, in certain functions of the C programming language such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-180.NASL
    description perl-DBD-Pg was prone to format string errors which could crash applications
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74579
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74579
    title openSUSE Security Update : perl-DBD-Pg (openSUSE-SU-2012:0422-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-112.NASL
    description A vulnerability has been discovered and corrected in perl-DBD-Pg : Two format string flaws were found in the way perl-DBD-Pg. A rogue server could provide a specially crafted database warning or specially crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to perl-DBD-Pg based process crash (CVE-2012-1151). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 61965
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61965
    title Mandriva Linux Security Advisory : perl-DBD-Pg (MDVSA-2012:112)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120725_PERL_DBD_PG_ON_SL5_X.NASL
    description Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-1151) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61372
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61372
    title Scientific Linux Security Update : perl-DBD-Pg on SL5.x, SL6.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2431.NASL
    description Niko Tyni discovered two format string vulnerabilities in DBD::Pg, a Perl DBI driver for the PostgreSQL database server, which can be exploited by a rogue database server.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58304
    published 2012-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58304
    title Debian DSA-2431-1 : libdbd-pg-perl - format string vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-10892.NASL
    description Update to latest upstream version, fixed the security bug CVE-2012-1151. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 61384
    published 2012-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61384
    title Fedora 17 : perl-DBD-Pg-2.19.2-1.fc17 (2012-10892)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-112.NASL
    description Two format string flaws were found in perl-DBD-Pg. A specially crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-1151)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69602
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69602
    title Amazon Linux AMI : perl-DBD-Pg (ALAS-2012-112)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1116.NASL
    description From Red Hat Security Advisory 2012:1116 : An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-1151) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68585
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68585
    title Oracle Linux 5 / 6 : perl-DBD-Pg (ELSA-2012-1116)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-10871.NASL
    description Update to latest upstream version, fixed the security bug CVE-2012-1151. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 61383
    published 2012-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61383
    title Fedora 16 : perl-DBD-Pg-2.19.2-1.fc16 (2012-10871)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201204-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201204-08 (Perl DBD-Pg Module: Arbitrary code execution) Format string vulnerabilities have been found in the 'pg_warn()' and 'dbd_st_prepare()' functions in dbdimp.c. Impact : A remote PostgreSQL server could send specially crafted database warnings or DBD statements, possibly resulting in execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 59624
    published 2012-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59624
    title GLSA-201204-08 : Perl DBD-Pg Module: Arbitrary code execution
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1116.NASL
    description An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-1151) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 60124
    published 2012-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60124
    title RHEL 5 / 6 : perl-DBD-Pg (RHSA-2012:1116)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1116.NASL
    description An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-1151) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 60121
    published 2012-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60121
    title CentOS 5 / 6 : perl-DBD-Pg (CESA-2012:1116)
redhat via4
advisories
bugzilla
id 801733
title CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment perl-DBD-Pg is earlier than 0:1.49-4.el5_8
      oval oval:com.redhat.rhsa:tst:20121116002
    • comment perl-DBD-Pg is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20090479003
  • AND
    • comment perl-DBD-Pg is earlier than 0:2.15.1-4.el6_3
      oval oval:com.redhat.rhsa:tst:20121116008
    • comment perl-DBD-Pg is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20121116009
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
rhsa
id RHSA-2012:1116
released 2012-07-25
severity Moderate
title RHSA-2012:1116: perl-DBD-Pg security update (Moderate)
rpms
  • perl-DBD-Pg-0:1.49-4.el5_8
  • perl-DBD-Pg-0:2.15.1-4.el6_3
refmap via4
confirm
debian DSA-2431
gentoo GLSA-201204-08
mandriva MDVSA-2012:112
misc
mlist
  • [oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws
  • [oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws
secunia
  • 48307
  • 48319
  • 48824
xf
  • dbdpg-dbdstprepare-format-string(73855)
  • dbdpg-pgwarn-format-string(73854)
Last major update 04-04-2013 - 23:09
Published 09-09-2012 - 17:55
Last modified 28-08-2017 - 21:31