ID de Prueba:	1.3.6.1.4.1.25623.1.0.120561
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-177)
Resumen:	The remote host is missing an update for the 'perl' package(s) announced via the ALAS-2013-177 advisory.
Descripción:	Summary: The remote host is missing an update for the 'perl' package(s) announced via the ALAS-2013-177 advisory. Vulnerability Insight: A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption. (CVE-2013-1667) It was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookies values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items. (CVE-2012-5526) It was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates. (CVE-2012-6329) Affected Software/OS: 'perl' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5195 BugTraq ID: 56287 http://www.securityfocus.com/bid/56287 Debian Security Information: DSA-2586 (Google Search) http://www.debian.org/security/2012/dsa-2586 http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 http://www.openwall.com/lists/oss-security/2012/10/26/2 http://www.openwall.com/lists/oss-security/2012/10/27/1 http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html RedHat Security Advisories: RHSA-2013:0685 http://rhn.redhat.com/errata/RHSA-2013-0685.html http://secunia.com/advisories/51457 http://secunia.com/advisories/55314 http://www.ubuntu.com/usn/USN-1643-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-5526 1027780 http://www.securitytracker.com/id?1027780 51457 55314 56562 http://www.securityfocus.com/bid/56562 DSA-2586 RHSA-2013:0685 USN-1643-1 [oss-security] 20121115 Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers http://www.openwall.com/lists/oss-security/2012/11/15/6 http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html https://github.com/markstos/CGI.pm/pull/23 perl-cgipm-header-injection(80098) https://exchange.xforce.ibmcloud.com/vulnerabilities/80098 Common Vulnerability Exposure (CVE) ID: CVE-2012-6329 BugTraq ID: 56950 http://www.securityfocus.com/bid/56950 https://bugzilla.redhat.com/show_bug.cgi?id=884354 http://sourceforge.net/mailarchive/message.php?msg_id=30219695 http://openwall.com/lists/oss-security/2012/12/11/4 http://code.activestate.com/lists/perl5-porters/187763/ http://code.activestate.com/lists/perl5-porters/187746/ http://www.ubuntu.com/usn/USN-2099-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1667 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html BugTraq ID: 58311 http://www.securityfocus.com/bid/58311 Debian Security Information: DSA-2641 (Google Search) http://www.debian.org/security/2013/dsa-2641 HPdes Security Advisory: HPSBUX02928 http://marc.info/?l=bugtraq&m=137891988921058&w=2 HPdes Security Advisory: SSRT101274 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296 https://bugzilla.redhat.com/show_bug.cgi?id=912276 http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html http://osvdb.org/90892 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771 http://secunia.com/advisories/52472 http://secunia.com/advisories/52499 http://www.ubuntu.com/usn/USN-1770-1 XForce ISS Database: perl-rehash-dos(82598) https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.