Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-6329
Last Modified 08 Mar 2014 12:01:30
Published 04 Jan 2013 04:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-6329

Summary

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

Vulnerable Systems

Application

  • Perl 5.10

  • Perl 5.10.0

  • Perl 5.10.1

  • Perl 5.11.0

  • Perl 5.11.1

  • Perl 5.11.2

  • Perl 5.11.3

  • Perl 5.11.4

  • Perl 5.11.5

  • Perl 5.12.0

  • Perl 5.12.1

  • Perl 5.12.2

  • Perl 5.12.3

  • Perl 5.13.0

  • Perl 5.13.1

  • Perl 5.13.10

  • Perl 5.13.11

  • Perl 5.13.2

  • Perl 5.13.3

  • Perl 5.13.4

  • Perl 5.13.5

  • Perl 5.13.6

  • Perl 5.13.7

  • Perl 5.13.8

  • Perl 5.13.9

  • Perl 5.14.0

  • Perl 5.14.1

  • Perl 5.14.2

  • Perl 5.14.3

  • Perl 5.16.0

  • Perl 5.16.1

  • Perl 5.16.2


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=884354

CONFIRM - http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329

MLIST - [foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution

CONFIRM - http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8

CONFIRM - http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod

MLIST - [oss-security] 20121211 Re: CVE request: perl-modules

MLIST - [perl5-porters] 20121205 Re: security notice: Locale::Maketext

MLIST - [perl5-porters] 20121205 security notice: Locale::Maketext

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224

REDHAT - RHSA-2013:0685

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032

MANDRIVA - MDVSA-2013:113

UBUNTU - USN-2099-1


Last Updated: 27 May 2016 11:01:34