CERT VU:948385
History: Dec 06, 2005 - 12:00 a.m.

Perl contains an integer sign error in format string processing

www.kb.cert.org

CVSS2: 4.6 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low (Percentile: 51.6%)

Overview

The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl.

Description

Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes Perl programs, contains an integer sign error in its format string processing for formatted I/O.


Impact

An attacker may leverage this vulnerability to increase the impact of a format string vulnerability in a Perl program. This vulnerability in the Perl interpreter is not directly exploitable.
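
Because the interpreter flaw only matters where a Perl program already lets untrusted text reach a printf/sprintf format argument, auditing for such calls complements patching. The following line-based heuristic is an added example, not part of the CERT advisory; the sample Perl source and the function names are constructed for illustration.

```python
import re

# Perl's printf/sprintf treat their first string argument as the format.
CALL = re.compile(r'\b(s?printf)\b\s*\(?\s*')
# printf may take a filehandle first: STDERR, {$fh}, or $fh followed by the format.
HANDLE = re.compile(r'(?:[A-Z_][A-Z0-9_]*(?=\s+[^\s,])|\{[^}]*\}|\$\w+(?=\s+["\'$]))\s*')
# Double-quoted string that interpolates a variable (unescaped $ or @).
INTERP = re.compile(r'"(?:\\.|[^"\\])*?[$@][\w{]')

# Constructed Perl input for the demonstration (not from the advisory).
SAMPLE = r'''
my $name = $cgi->param('name');
printf("Hello %s\n", $name);
printf($name);
printf STDERR "login failed for $name\n";
my $line = sprintf $template, $name;
printf {$log} '%s: %d', $name, $count;
printf "price: \$%d\n", $cents;
'''

def format_arg_kind(line):
    """Classify the format argument of the first printf/sprintf call on a line."""
    m = CALL.search(line)
    if not m:
        return None
    rest = line[m.end():]
    if m.group(1) == 'printf':
        h = HANDLE.match(rest)
        if h:
            rest = rest[h.end():]
    if rest.startswith("'"):
        return 'literal'            # single quotes never interpolate
    if rest.startswith('"'):
        return 'interpolated' if INTERP.match(rest) else 'literal'
    return 'non-literal'            # variable, constant or expression: review by hand

def audit(source):
    """Return (line number, kind, text) for calls whose format is not a fixed literal."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        kind = format_arg_kind(line)
        if kind in ('non-literal', 'interpolated'):
            findings.append((n, kind, line.strip()))
    return findings

if __name__ == '__main__':
    for n, kind, text in audit(SAMPLE):
        print(f'line {n}: {kind} format -> {text}')
```

Flagged calls are fixed by moving the data out of the format, for example `printf('%s', $name)`.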


Solution

Patch the Perl interpreter per vendor instructions.


Vendor Information


Fedora Project: Affected

Updated: December 28, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

For Fedora Core 4, consult FEDORA-2005-1144, which updates the remediation described in FEDORA-2005-1113.

For Fedora Core 3, consult FEDORA-2005-1145, which updates the remediation described in FEDORA-2005-1117.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).

Gentoo Linux: Affected

Updated: December 08, 2005

Statement Date: December 08, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Consult GLSA 200512-01 for vulnerability details and remediation instructions.


Mandriva, Inc.: Affected

Updated: December 28, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Consult MDKSA-2005:225 for information about updated Perl packages.


OpenPKG: Affected

Updated: December 06, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Consult OpenPKG-SA-2005.025 for vulnerability details and remediation instructions.


Perl Developers: Affected

Notified: December 01, 2005 Updated: December 28, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

In a Dec 15, 2005 statement, the Perl Foundation reports that patches are available addressing this vulnerability.


Red Hat, Inc.: Affected

Updated: December 28, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

For Red Hat Desktop v. 4 and Enterprise Linux v. 4, consult RHSA-2005:880 for remediation instructions…

For Red Hat Desktop v. 3 and Enterprise Linux v. 3, consult RHSA-2005:881 for remediation instructions…


SUSE Linux: Affected

Updated: December 28, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Consult SUSE-SA:2005:071 for remediation instructions.


Trustix Secure Linux: Affected

Updated: December 28, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Consult Trustix Secure Linux Security Advisory #2005-0070 for updated Perl package information.


Ubuntu: Affected

Updated: December 06, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Consult Ubuntu Security Notice USN-222-1 for vulnerability details and remediation instructions.


CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |


Acknowledgements

Thanks to Jack Louis of Dyad Security, Inc. for reporting this vulnerability.

This document was written by Hal Burch.

Other Information

CVE IDs: CVE-2005-3962
Date Public: 2005-12-01 Date First Published:
