Test ID:	1.3.6.1.4.1.25623.1.0.56271
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: perl
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: perl webmin usermin CVE-2005-3912 Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl. CVE-2005-3962 Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3912 Bugtraq: 20051129 Webmin miniserv.pl format string vulnerability (Google Search) http://www.securityfocus.com/archive/1/418093/100/0/threaded Debian Security Information: DSA-1199 (Google Search) http://www.debian.org/security/2006/dsa-1199 http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:223 http://www.dyadsecurity.com/webmin-0001.html http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html http://secunia.com/advisories/17749 http://secunia.com/advisories/17817 http://secunia.com/advisories/17878 http://secunia.com/advisories/17942 http://secunia.com/advisories/18101 http://secunia.com/advisories/22556 SuSE Security Announcement: SUSE-SR:2005:030 (Google Search) http://www.novell.com/linux/security/advisories/2005_30_sr.html http://www.vupen.com/english/advisories/2005/2660 Common Vulnerability Exposure (CVE) ID: CVE-2005-3962 102192 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1 15629 http://www.securityfocus.com/bid/15629 17762 http://secunia.com/advisories/17762 17802 http://secunia.com/advisories/17802 17844 http://secunia.com/advisories/17844 17941 http://secunia.com/advisories/17941 17952 http://secunia.com/advisories/17952 17993 http://secunia.com/advisories/17993 18075 http://secunia.com/advisories/18075 18183 http://secunia.com/advisories/18183 18187 http://secunia.com/advisories/18187 18295 http://secunia.com/advisories/18295 18413 http://secunia.com/advisories/18413 18517 http://secunia.com/advisories/18517 19041 http://secunia.com/advisories/19041 20051201 Perl format string integer wrap vulnerability http://marc.info/?l=full-disclosure&m=113342788118630&w=2 http://www.securityfocus.com/archive/1/418333/100/0/threaded 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U 20894 http://secunia.com/advisories/20894 21345 http://www.osvdb.org/21345 22255 http://www.osvdb.org/22255 23155 http://secunia.com/advisories/23155 31208 http://secunia.com/advisories/31208 ADV-2005-2688 http://www.vupen.com/english/advisories/2005/2688 ADV-2006-0771 http://www.vupen.com/english/advisories/2006/0771 ADV-2006-2613 http://www.vupen.com/english/advisories/2006/2613 ADV-2006-4750 http://www.vupen.com/english/advisories/2006/4750 APPLE-SA-2006-11-28 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html CLSA-2006:1056 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 DSA-943 http://www.debian.org/security/2006/dsa-943 FLSA-2006:176731 https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html GLSA-200512-01 http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml HPSBTU02125 http://www.securityfocus.com/archive/1/438726/100/0/threaded MDKSA-2005:225 http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 OpenPKG-SA-2005.025 http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html RHSA-2005:880 http://www.redhat.com/support/errata/RHSA-2005-880.html RHSA-2005:881 http://www.redhat.com/support/errata/RHSA-2005-881.html SSRT061105 SUSE-SA:2005:071 http://www.novell.com/linux/security/advisories/2005_71_perl.html SUSE-SR:2005:029 http://www.novell.com/linux/security/advisories/2005_29_sr.html TA06-333A http://www.us-cert.gov/cas/techalerts/TA06-333A.html TSLSA-2005-0070 http://www.trustix.org/errata/2005/0070 USN-222-1 https://usn.ubuntu.com/222-1/ VU#948385 http://www.kb.cert.org/vuls/id/948385 [3.7] 20060105 007: SECURITY FIX: January 5, 2006 http://www.openbsd.org/errata37.html#perl ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch http://docs.info.apple.com/article.html?artnum=304829 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.dyadsecurity.com/perl-0002.html http://www.ipcop.org/index.php?name=News&file=article&sid=41 oval:org.mitre.oval:def:10598 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 oval:org.mitre.oval:def:1074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.