Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_3_PERL-111122.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : perl (openSUSE-SU-2011:1278-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.9%

JSON

This update of Perl fixes a heap based buffer overflow in the decode_xs() function (CVE-2011-2939, bnc#728662).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update perl-5471.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75707);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-2939");

  script_name(english:"openSUSE Security Update : perl (openSUSE-SU-2011:1278-1)");
  script_summary(english:"Check for the perl-5471 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of Perl fixes a heap based buffer overflow in the
decode_xs() function (CVE-2011-2939, bnc#728662)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=728662"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-11/msg00026.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"perl-5.12.1-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"perl-base-5.12.1-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"perl-32bit-5.12.1-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"perl-base-32bit-5.12.1-2.7.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
}
VendorProductVersionCPE
novellopensuseperlp-cpe:/a:novell:opensuse:perl
novellopensuseperl-32bitp-cpe:/a:novell:opensuse:perl-32bit
novellopensuseperl-basep-cpe:/a:novell:opensuse:perl-base
novellopensuseperl-base-32bitp-cpe:/a:novell:opensuse:perl-base-32bit
novellopensuse11.3cpe:/o:novell:opensuse:11.3

Related

ubuntucve 1
prion 1
veracode 1
cve 1
cvelist 1
nessus 12
nvd 1
altlinux 1
debiancve 1
redhat 1
openvas 15
oraclelinux 1
seebug 1
fedora 1
amazon 1
securityvulns 3
f5 1
gentoo 1
ubuntu 1
ubuntucve
ubuntucve
CVE-2011-2939
2012-01-13 00:00:00
prion
prion
Heap overflow
2012-01-13 18:55:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:04:11
cve
cve
CVE-2011-2939
2012-01-13 18:55:02
cvelist
cvelist
CVE-2011-2939
2012-01-13 18:00:00
nessus
nessus
openSUSE Security Update : perl (openSUSE-SU-2011:1278-1)
2014-06-13 00:00:00
openSUSE Security Update : icedtea-web (openSUSE-SU-2011:1251-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : perl (MDVSA-2012:008)
2012-01-19 00:00:00
nvd
nvd
CVE-2011-2939
2012-01-13 18:55:02
altlinux
altlinux
Security fix for the ALT Linux 6 package perl-Encode version 2.47-alt0.M60P.1
2012-10-30 00:00:00
debiancve
debiancve
CVE-2011-2939
2012-01-13 18:55:02
redhat
redhat
(RHSA-2011:1424) Moderate: perl security update
2011-11-03 00:00:00
openvas
openvas
Fedora Update for perl FEDORA-2011-13874
2011-11-03 00:00:00
Oracle: Security Advisory (ELSA-2011-1424)
2015-10-06 00:00:00
RedHat Update for perl RHSA-2011:1424-01
2012-07-09 00:00:00
oraclelinux
oraclelinux
perl security update
2011-11-03 00:00:00
seebug
seebug
Perl "decode_xs()"ε’Œ"File::Glob::bsd_glob()"θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2011-09-30 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: perl-5.12.4-147.fc14
2011-11-03 00:22:52
amazon
amazon
Medium: perl
2011-11-09 21:48:00
securityvulns
securityvulns
perl security vulnerabilities
2012-01-20 00:00:00
[USN-1643-1] Perl vulnerabilities
2012-12-02 00:00:00
perl multiple security vulnerabilities
2012-12-02 00:00:00
f5
f5
K83058481 : Perl vulnerabilities CVE-2011-1487, CVE-2011-2939, and CVE-2011-3597
2017-10-16 00:00:00
gentoo
gentoo
Perl, Locale Maketext Perl module: Multiple vulnerabilities
2014-01-19 00:00:00
ubuntu
ubuntu
Perl vulnerabilities
2012-11-30 00:00:00

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.017 Low

EPSS

Percentile

87.9%

JSON
Related for SUSE_11_3_PERL-111122.NASL
ubuntucve1prion1veracode1cve1cvelist1nessus12nvd1altlinux1debiancve1redhat1openvas15oraclelinux1seebug1fedora1amazon1securityvulns3f51gentoo1ubuntu1