Test ID: 1.3.6.1.4.1.25623.1.0.70838
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1129-1 (perl)
Summary: Ubuntu USN-1129-1 (perl)
Description: The remote host is missing an update to perl
announced via advisory USN-1129-1.

Details:

It was discovered that the Safe.pm Perl module incorrectly handled
Safe::reval and Safe::rdo access restrictions. An attacker could use this
flaw to bypass intended restrictions and possibly execute arbitrary code.
(CVE-2010-1168, CVE-2010-1447)

It was discovered that the CGI.pm Perl module incorrectly handled certain
MIME boundary strings. An attacker could use this flaw to inject arbitrary
HTTP headers and perform HTTP response splitting and cross-site scripting
attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and
10.10. (CVE-2010-2761, CVE-2010-4411)

It was discovered that the CGI.pm Perl module incorrectly handled newline
characters. An attacker could use this flaw to inject arbitrary HTTP
headers and perform HTTP response splitting and cross-site scripting
attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and
10.10. (CVE-2010-4410)

It was discovered that the lc, lcfirst, uc, and ucfirst functions did not
properly apply the taint attribute when processing tainted input. An
attacker could use this flaw to bypass intended restrictions. This issue
only affected Ubuntu 8.04 LTS, 10.04 LTS and 10.10. (CVE-2011-1487)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
perl 5.10.1-17ubuntu4.1

Ubuntu 10.10:
perl 5.10.1-12ubuntu2.1

Ubuntu 10.04 LTS:
perl 5.10.1-8ubuntu2.1

Ubuntu 8.04 LTS:
perl 5.8.8-12ubuntu0.5

http://www.securityspace.com/smysecure/catid.html?in=USN-1129-1
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-1168
http://www.openwall.com/lists/oss-security/2010/05/20/5
http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
http://www.redhat.com/support/errata/RHSA-2010-0457.html
http://www.redhat.com/support/errata/RHSA-2010-0458.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9807
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7424
http://securitytracker.com/id?1024062
http://secunia.com/advisories/40049
http://secunia.com/advisories/40052
http://secunia.com/advisories/42402
http://www.vupen.com/english/advisories/2010/3075
Common Vulnerability Exposure (CVE) ID: CVE-2010-1447
Debian Security Information: DSA-2267
http://www.debian.org/security/2011/dsa-2267
BugTraq ID: 40305
http://www.securityfocus.com/bid/40305
http://osvdb.org/64756
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11530
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7320
http://www.securitytracker.com/id?1023988
http://secunia.com/advisories/39845
http://www.vupen.com/english/advisories/2010/1167
Common Vulnerability Exposure (CVE) ID: CVE-2010-2761
http://openwall.com/lists/oss-security/2010/12/01/1
http://openwall.com/lists/oss-security/2010/12/01/3
http://openwall.com/lists/oss-security/2010/12/01/2
https://bugzilla.mozilla.org/show_bug.cgi?id=600464
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:237
http://www.mandriva.com/security/advisories?name=MDVSA-2010:250
http://www.redhat.com/support/errata/RHSA-2011-1797.html
SuSE Security Announcement: SUSE-SR:2011:001
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
SuSE Security Announcement: SUSE-SR:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
SuSE Security Announcement: SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://osvdb.org/69589
http://osvdb.org/69588
http://secunia.com/advisories/42877
http://secunia.com/advisories/43033
http://secunia.com/advisories/43147
http://secunia.com/advisories/43068
http://secunia.com/advisories/43165
http://www.vupen.com/english/advisories/2011/0076
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0249
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0271
Common Vulnerability Exposure (CVE) ID: CVE-2010-4411
http://www.mandriva.com/security/advisories?name=MDVSA-2011:008
http://www.vupen.com/english/advisories/2011/0106
Common Vulnerability Exposure (CVE) ID: CVE-2010-4410
http://www.mandriva.com/security/advisories?name=MDVSA-2010:252
BugTraq ID: 45145
http://www.securityfocus.com/bid/45145
BugTraq ID: 44199
http://www.securityfocus.com/bid/44199
http://www.vupen.com/english/advisories/2010/3230
Common Vulnerability Exposure (CVE) ID: CVE-2011-1487
http://openwall.com/lists/oss-security/2011/04/01/3
http://openwall.com/lists/oss-security/2011/04/04/35
Debian Security Information: DSA-2265
http://www.debian.org/security/2011/dsa-2265
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
SuSE Security Announcement: SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
BugTraq ID: 47124
http://www.securityfocus.com/bid/47124
http://secunia.com/advisories/43921
http://secunia.com/advisories/44168
XForce ISS Database: perl-laundering-security-bypass(66528)
http://xforce.iss.net/xforce/xfdb/66528
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.