Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2007-5116
Last Modified: 07 Mar 2011 10:00:06
Published: 07 Nov 2007 06:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5116

Summary

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 1.0

Application

  • Larry Wall Perl 5.8.0

  • Larry Wall Perl 5.8.1

  • Larry Wall Perl 5.8.3

  • Larry Wall Perl 5.8.4

  • Larry Wall Perl 5.8.4.1

  • Larry Wall Perl 5.8.4.2

  • Larry Wall Perl 5.8.4.2.3

  • Larry Wall Perl 5.8.4.3

  • Larry Wall Perl 5.8.4.4

  • Larry Wall Perl 5.8.4.5

  • Larry Wall Perl 5.8.6

  • Mandrakesoft Mandrake Multi Network Firewall 2.0

  • Openpkg Current


References

CERT - TA07-352A

MANDRIVA - MDKSA-2007:207

CONFIRM - https://issues.rpath.com/browse/RPL-1813

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=378131

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=323571

XF - perl-unicode-bo(38270)

VUPEN - ADV-2008-0641

VUPEN - ADV-2008-0064

VUPEN - ADV-2007-4255

VUPEN - ADV-2007-4238

VUPEN - ADV-2007-3724

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0001.html

UBUNTU - USN-552-1

BID - 26350

BUGTRAQ - 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

BUGTRAQ - 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

BUGTRAQ - 20071112 FLEA-2007-0069-1 perl

BUGTRAQ - 20071110 FLEA-2007-0063-1 perl

REDHAT - RHSA-2007:1011

REDHAT - RHSA-2007:0966

OPENPKG - OpenPKG-SA-2007.023

SUSE - SUSE-SR:2007:024

CONFIRM - http://www.ipcop.org/index.php?name=News&file=article&sid=41

GENTOO - GLSA-200711-28

DEBIAN - DSA-1400

AIXAPAR - IZ10244

AIXAPAR - IZ10220

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm

SUNALERT - 1018985

SECTRACK - 1018899

SECUNIA - 31208

SECUNIA - 28387

SECUNIA - 28368

SECUNIA - 28167

SECUNIA - 27936

SECUNIA - 27756

SECUNIA - 27613

SECUNIA - 27570

SECUNIA - 27548

SECUNIA - 27546

SECUNIA - 27531

SECUNIA - 27515

SECUNIA - 27479

HP - HPSBTU02311

MLIST - [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

APPLE - APPLE-SA-2007-12-17

CONFIRM - http://docs.info.apple.com/article.html?artnum=307179

CONFIRM - ftp://aix.software.ibm.com/aix/efixes/security/README

SUNALERT - 231524

SUNALERT - 31524

SECUNIA - 29074

SECUNIA - 28993

HP - SSRT080001

Related Patches

Apple 2007-12-17 Security Update 2007-009 (10.4.11 PPC)

Apple 2007-12-17 Security Update 2007-009 (10.5.1)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 PPC)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.5.1)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 Universal)

Novell SUSE 2007:4665 perl security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:47:26