Test ID:	1.3.6.1.4.1.25623.1.0.55948
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-222-1 (perl)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to perl announced via advisory USN-222-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: perl-base Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program. However, this attack was only possible in insecure Perl programs which use variables with user-defined values in string interpolations without checking their validity. Solution: The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.5 (for Ubuntu 4.10), 5.8.4-6ubuntu1.1 (for Ubuntu 5.04), or 5.8.7-5ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-222-1 Risk factor : Medium CVSS Score: 4.6
Cross-Ref:	BugTraq ID: 15629 Common Vulnerability Exposure (CVE) ID: CVE-2005-3962 102192 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1 15629 http://www.securityfocus.com/bid/15629 17762 http://secunia.com/advisories/17762 17802 http://secunia.com/advisories/17802 17844 http://secunia.com/advisories/17844 17941 http://secunia.com/advisories/17941 17952 http://secunia.com/advisories/17952 17993 http://secunia.com/advisories/17993 18075 http://secunia.com/advisories/18075 18183 http://secunia.com/advisories/18183 18187 http://secunia.com/advisories/18187 18295 http://secunia.com/advisories/18295 18413 http://secunia.com/advisories/18413 18517 http://secunia.com/advisories/18517 19041 http://secunia.com/advisories/19041 20051201 Perl format string integer wrap vulnerability http://marc.info/?l=full-disclosure&m=113342788118630&w=2 http://www.securityfocus.com/archive/1/418333/100/0/threaded 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U 20894 http://secunia.com/advisories/20894 21345 http://www.osvdb.org/21345 22255 http://www.osvdb.org/22255 23155 http://secunia.com/advisories/23155 31208 http://secunia.com/advisories/31208 ADV-2005-2688 http://www.vupen.com/english/advisories/2005/2688 ADV-2006-0771 http://www.vupen.com/english/advisories/2006/0771 ADV-2006-2613 http://www.vupen.com/english/advisories/2006/2613 ADV-2006-4750 http://www.vupen.com/english/advisories/2006/4750 APPLE-SA-2006-11-28 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html CLSA-2006:1056 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 DSA-943 http://www.debian.org/security/2006/dsa-943 FLSA-2006:176731 https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html GLSA-200512-01 http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml HPSBTU02125 http://www.securityfocus.com/archive/1/438726/100/0/threaded MDKSA-2005:225 http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 OpenPKG-SA-2005.025 http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html RHSA-2005:880 http://www.redhat.com/support/errata/RHSA-2005-880.html RHSA-2005:881 http://www.redhat.com/support/errata/RHSA-2005-881.html SSRT061105 SUSE-SA:2005:071 http://www.novell.com/linux/security/advisories/2005_71_perl.html SUSE-SR:2005:029 http://www.novell.com/linux/security/advisories/2005_29_sr.html TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html TSLSA-2005-0070 http://www.trustix.org/errata/2005/0070 USN-222-1 https://usn.ubuntu.com/222-1/ VU#948385 http://www.kb.cert.org/vuls/id/948385 [3.7] 20060105 007: SECURITY FIX: January 5, 2006 http://www.openbsd.org/errata37.html#perl ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch http://docs.info.apple.com/article.html?artnum=304829 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.dyadsecurity.com/perl-0002.html http://www.ipcop.org/index.php?name=News&file=article&sid=41 oval:org.mitre.oval:def:10598 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 oval:org.mitre.oval:def:1074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.