Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE ID: CVE-2011-1487
Last Modified: 20 Feb 2014 11:41:36
Published: 11 Apr 2011 02:55:03
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-1487

Summary

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Vulnerable Systems

Application

  • Perl 5.10.0
  • Perl 5.10.1
  • Perl 5.11.0
  • Perl 5.11.1
  • Perl 5.11.2
  • Perl 5.11.3
  • Perl 5.11.4
  • Perl 5.11.5
  • Perl 5.12.0
  • Perl 5.12.1
  • Perl 5.12.2
  • Perl 5.12.3
  • Perl 5.13.0
  • Perl 5.13.1
  • Perl 5.13.2
  • Perl 5.13.3
  • Perl 5.13.4
  • Perl 5.13.5
  • Perl 5.13.6
  • Perl 5.13.7
  • Perl 5.13.8
  • Perl 5.13.9
  • Perl 5.13.10
  • Perl 5.13.11

References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=692898

CONFIRM - http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99

MLIST - [oss-security] 20110404 Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data

MLIST - [oss-security] 20110401 CVE Request -- perl -- lc(), uc() routines are laundering tainted data

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=692844

XF - perl-laundering-security-bypass(66528)

BID - 47124

MANDRIVA - MDVSA-2011:091

DEBIAN - DSA-2265

SECUNIA - 44168

SECUNIA - 43921

CONFIRM - http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336

FEDORA - FEDORA-2011-4631

FEDORA - FEDORA-2011-4610

SUSE - SUSE-SR:2011:009

Related Patches

Novell SUSE 2011:7507 perl security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:56:44