Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.6
CVE Id CVE-2005-3962
Last Modified 11 Oct 2011 12:00:00
Published 01 Dec 2005 12:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-3962

Summary

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Vulnerable Systems

Application

  • Perl 5.8.6

  • Perl 5.9.2


References

CERT - TA06-333A

CERT-VN - VU#948385

MISC - http://www.dyadsecurity.com/perl-0002.html

FULLDISC - 20051201 Perl format string integer wrap vulnerability

FEDORA - FLSA-2006:176731

VUPEN - ADV-2006-4750

VUPEN - ADV-2006-2613

VUPEN - ADV-2006-0771

VUPEN - ADV-2005-2688

UBUNTU - USN-222-1

TRUSTIX - TSLSA-2005-0070

BID - 15629

HP - SSRT061105

REDHAT - RHSA-2005:881

REDHAT - RHSA-2005:880

OSVDB - 22255

OSVDB - 21345

OPENPKG - OpenPKG-SA-2005.025

OPENBSD - [3.7] 20060105 007: SECURITY FIX: January 5, 2006

SUSE - SUSE-SA:2005:071

SUSE - SUSE-SR:2005:029

MANDRAKE - MDKSA-2005:225

CONFIRM - http://www.ipcop.org/index.php?name=News&file=article&sid=41

GENTOO - GLSA-200512-01

DEBIAN - DSA-943

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

SUNALERT - 102192

SECUNIA - 31208

SECUNIA - 23155

SECUNIA - 20894

SECUNIA - 19041

SECUNIA - 18517

SECUNIA - 18413

SECUNIA - 18295

SECUNIA - 18187

SECUNIA - 18183

SECUNIA - 18075

SECUNIA - 17993

SECUNIA - 17952

SECUNIA - 17941

SECUNIA - 17844

SECUNIA - 17802

SECUNIA - 17762

APPLE - APPLE-SA-2006-11-28

CONFIRM - http://docs.info.apple.com/article.html?artnum=304829

CONECTIVA - CLSA-2006:1056

SGI - 20060101-01-U

MISC - ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch

CONFIRM - ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch

HP - HPSBTU02125

Related Patches

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 Server (PPC)

Apple 2006-11-28 Security Update 2006-007 Mac OS X 10.4.8 (Intel)


Last Updated: 27 May 2016 10:44:52