Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2286

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2286
Last Modified 05 Sep 2008 04:43:42
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2286

Summary

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.

Vulnerable Systems

Application

  • Activestate Activeperl 5.6.1

  • Activestate Activeperl 5.6.1.630

  • Activestate Activeperl 5.6.2

  • Activestate Activeperl 5.6.3

  • Activestate Activeperl 5.7.1

  • Activestate Activeperl 5.7.2

  • Activestate Activeperl 5.7.3

  • Activestate Activeperl 5.8

  • Activestate Activeperl 5.8.1

  • Activestate Activeperl 5.8.3

  • Larry Wall Perl 5.3

  • Larry Wall Perl 5.4

  • Larry Wall Perl 5.4.5

  • Larry Wall Perl 5.5

  • Larry Wall Perl 5.5.3

  • Larry Wall Perl 5.6

  • Larry Wall Perl 5.6.1

  • Larry Wall Perl 5.8.0

  • Larry Wall Perl 5.8.1

  • Larry Wall Perl 5.8.3


References

XF - perl-duplication-bo(16224)

BID - 10380

FULLDISC - 20040517 RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?


Last Updated: 27 May 2016 10:39:25