Description:
The remote host is missing an update to perl announced via advisory USN-222-2.
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog), Ubuntu 5.04 (Hoary Hedgehog), Ubuntu 5.10 (Breezy Badger)
The following packages are affected: libperl5.8, perl-base
USN-222-1 fixed a vulnerability in the Perl interpreter. It was discovered that the fix shipped in USN-222-1 was not sufficient to handle all possible cases of malformed input that could lead to arbitrary code execution, so another update is necessary.
Original advisory:
Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program.
However, this attack was only possible in insecure Perl programs which use variables with user-defined values in string interpolations without checking their validity.
Solution: The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.6 (for Ubuntu 4.10), 5.8.4-6ubuntu1.2 (for Ubuntu 5.04), or 5.8.7-5ubuntu1.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
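Added example (not part of the advisory or of any scanner's own code): a check that an installed perl-base or libperl5.8 version is at or above the fixed version for its release, using Debian version ordering rather than string comparison. The function names and the sample installed versions in the usage note are assumptions made for illustration; only the three fixed versions come from the text above.

```python
import re
from itertools import zip_longest

# Fixed package versions per Ubuntu release, taken from the advisory text.
FIXED = {
    "4.10": "5.8.4-2ubuntu0.6",
    "5.04": "5.8.4-6ubuntu1.2",
    "5.10": "5.8.7-5ubuntu1.2",
}

def _weights(run):
    """dpkg ordering of a non-digit run: '~' < end < letters < other chars."""
    out = []
    for ch in run:
        out.append(-1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256)
    return out + [0]  # 0 marks the end of the run

def _cmp_fragment(a, b):
    """Compare two upstream or revision strings as dpkg does."""
    runs_a = re.findall(r"(\D*)(\d*)", a)  # alternating text / number runs
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        left = (_weights(ta), int(na or 0))
        right = (_weights(tb), int(nb or 0))
        if left != right:
            return -1 if left < right else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:  # no revision present
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 following Debian package version ordering."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_patched(release, installed):
    """True if the installed version is at or above the advisory's fix."""
    return compare(installed, FIXED[release]) >= 0
```

For instance, is_patched("5.04", "5.8.4-2ubuntu0.6") is False: the version that fixes Ubuntu 4.10 sorts below the 5.04 fix, so each release must be checked against its own entry.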
http://www.securityspace.com/smysecure/catid.html?in=USN-222-2
Risk factor : Medium
CVSS Score: 4.6