Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2012-1151
Last Modified 04 Apr 2013 11:09:03
Published 09 Sep 2012 05:55:05
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1151

Summary

Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.

Vulnerable Systems

Application

  • Perl 0.1

  • Perl 0.2

  • Perl 0.3

  • Perl 0.4

  • Perl 0.5

  • Perl 0.52

  • Perl 0.61

  • Perl 0.62

  • Perl 0.63

  • Perl 0.64

  • Perl 0.65

  • Perl 0.66

  • Perl 0.67

  • Perl 0.68

  • Perl 0.69

  • Perl 0.70

  • Perl 0.71

  • Perl 0.72

  • Perl 0.73

  • Perl 0.80

  • Perl 0.81

  • Perl 0.82

  • Perl 0.83

  • Perl 0.84

  • Perl 0.85

  • Perl 0.86

  • Perl 0.87

  • Perl 0.88

  • Perl 0.89

  • Perl 0.90

  • Perl 0.91

  • Perl 0.92

  • Perl 0.93

  • Perl 0.94

  • Perl 0.95

  • Perl 0.96

  • Perl 0.97

  • Perl 0.98

  • Perl 0.99

  • Perl 1.00

  • Perl 1.01

  • Perl 1.20

  • Perl 1.21

  • Perl 1.22

  • Perl 1.31

  • Perl 1.32

  • Perl 1.40

  • Perl 1.41

  • Perl 1.42

  • Perl 1.43

  • Perl 1.44

  • Perl 1.45

  • Perl 1.46

  • Perl 1.47

  • Perl 1.48

  • Perl 1.49

  • Perl 2.0.0

  • Perl 2.1.0

  • Perl 2.1.1

  • Perl 2.1.2

  • Perl 2.1.3

  • Perl 2.10.0

  • Perl 2.10.1

  • Perl 2.10.2

  • Perl 2.10.3

  • Perl 2.10.4

  • Perl 2.10.5

  • Perl 2.10.6

  • Perl 2.10.7

  • Perl 2.11.0

  • Perl 2.11.1

  • Perl 2.11.2

  • Perl 2.11.3

  • Perl 2.11.4

  • Perl 2.11.5

  • Perl 2.11.6

  • Perl 2.11.7

  • Perl 2.11.8

  • Perl 2.12.0

  • Perl 2.13.0

  • Perl 2.14.0

  • Perl 2.14.1

  • Perl 2.15.0

  • Perl 2.15.1

  • Perl 2.16.0

  • Perl 2.16.1

  • Perl 2.17.0

  • Perl 2.17.1

  • Perl 2.17.2

  • Perl 2.18.0

  • Perl 2.18.1

  • Perl 2.2.0

  • Perl 2.2.1

  • Perl 2.2.2

  • Perl 2.3.0

  • Perl 2.4.0

  • Perl 2.5.0

  • Perl 2.5.1

  • Perl 2.6.0

  • Perl 2.6.1

  • Perl 2.6.2

  • Perl 2.6.3

  • Perl 2.6.4

  • Perl 2.6.5

  • Perl 2.6.6

  • Perl 2.7.0

  • Perl 2.7.1

  • Perl 2.7.2

  • Perl 2.8.0

  • Perl 2.8.1

  • Perl 2.8.2

  • Perl 2.8.3

  • Perl 2.8.4

  • Perl 2.8.5

  • Perl 2.8.6

  • Perl 2.8.7

  • Perl 2.8.8

  • Perl 2.9.0

  • Perl 2.9.1

  • Perl 2.9.2


References

CONFIRM - https://rt.cpan.org/Public/Bug/Display.html?id=75642

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=801733

XF - dbdpg-dbdstprepare-format-string(73855)

XF - dbdpg-pgwarn-format-string(73854)

MLIST - [oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws

MLIST - [oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws

DEBIAN - DSA-2431

SECUNIA - 48319

SECUNIA - 48307

CONFIRM - http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536

REDHAT - RHSA-2012:1116

GENTOO - GLSA-201204-08

SECUNIA - 48824

MANDRIVA - MDVSA-2012:112

Related Patches

Red Hat 2012:1116-01 RHSA Moderate: perl-DBD-Pg security update for RHEL 5 x86

Red Hat 2012:1116-01 RHSA Moderate: perl-DBD-Pg security update for RHEL 5 x86_64


Last Updated: 27 May 2016 11:00:32