CVE-2005-3962 - Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl

CVE-2005-3962

Summary

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

References

Vulnerable Configurations

cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 19-10-2018 - 15:39)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2013-04-29T04:06:59.152-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10598

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

accepted

2006-05-03T10:06:00.000-04:00

class

vulnerability

contributors

name	Robert L. Hollis
organization	ThreatGuard, Inc.

description

family

unix

oval:org.mitre.oval:def:1074

status

accepted

submitted

2006-03-02T02:05:00.000-04:00

title

Perl Format String Integer Overflow Vulnerability

version

redhat via4

advisories

rhsa
id RHSA-2005:880
rhsa
id RHSA-2005:881

rpms

perl-3:5.8.5-24.RHEL4
perl-debuginfo-3:5.8.5-24.RHEL4
perl-suidperl-3:5.8.5-24.RHEL4
perl-2:5.8.0-90.4
perl-CGI-2:2.89-90.4
perl-CPAN-2:1.61-90.4
perl-DB_File-2:1.806-90.4
perl-suidperl-2:5.8.0-90.4

refmap via4

apple	APPLE-SA-2006-11-28
bid	15629
bugtraq	20051201 Perl format string integer wrap vulnerability
cert	TA06-333A
cert-vn	VU#948385
conectiva	CLSA-2006:1056
confirm	ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch http://docs.info.apple.com/article.html?artnum=304829 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.ipcop.org/index.php?name=News&file=article&sid=41
debian	DSA-943
fedora	FLSA-2006:176731
fulldisc	20051201 Perl format string integer wrap vulnerability
gentoo	GLSA-200512-01
hp	HPSBTU02125 SSRT061105
mandrake	MDKSA-2005:225
misc	http://www.dyadsecurity.com/perl-0002.html
openbsd	[3.7] 20060105 007: SECURITY FIX: January 5, 2006
openpkg	OpenPKG-SA-2005.025
osvdb	21345 22255
secunia	17762 17802 17844 17941 17952 17993 18075 18183 18187 18295 18413 18517 19041 20894 23155 31208
sgi	20060101-01-U
sunalert	102192
suse	SUSE-SA:2005:071 SUSE-SR:2005:029
trustix	TSLSA-2005-0070
ubuntu	USN-222-1
vupen	ADV-2005-2688 ADV-2006-0771 ADV-2006-2613 ADV-2006-4750

Last major update

19-10-2018 - 15:39

Published

01-12-2005 - 17:03

Last modified

19-10-2018 - 15:39