Test ID:	1.3.6.1.4.1.25623.1.0.840647
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1129-1)
Summary:	The remote host is missing an update for the 'perl' package(s) announced via the USN-1129-1 advisory.
Description:	Summary: The remote host is missing an update for the 'perl' package(s) announced via the USN-1129-1 advisory. Vulnerability Insight: It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code. (CVE-2010-1168, CVE-2010-1447) It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-2761, CVE-2010-4411) It was discovered that the CGI.pm Perl module incorrectly handled newline characters. An attacker could use this flaw to inject arbitrary HTTP headers and perform HTTP response splitting and cross-site scripting attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10. (CVE-2010-4410) It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input. An attacker could use this flaw to bypass intended restrictions. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS and 10.10. (CVE-2011-1487) Affected Software/OS: 'perl' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 10.04, Ubuntu 10.10, Ubuntu 11.04. Solution: Please install the updated package(s). CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1168 1024062 http://securitytracker.com/id?1024062 40049 http://secunia.com/advisories/40049 40052 http://secunia.com/advisories/40052 42402 http://secunia.com/advisories/42402 ADV-2010-3075 http://www.vupen.com/english/advisories/2010/3075 MDVSA-2010:115 http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 MDVSA-2010:116 http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 RHSA-2010:0457 http://www.redhat.com/support/errata/RHSA-2010-0457.html RHSA-2010:0458 http://www.redhat.com/support/errata/RHSA-2010-0458.html [oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request http://www.openwall.com/lists/oss-security/2010/05/20/5 http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 https://bugzilla.redhat.com/show_bug.cgi?id=576508 oval:org.mitre.oval:def:7424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424 oval:org.mitre.oval:def:9807 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807 Common Vulnerability Exposure (CVE) ID: CVE-2010-1447 1023988 http://www.securitytracker.com/id?1023988 39845 http://secunia.com/advisories/39845 40305 http://www.securityfocus.com/bid/40305 64756 http://osvdb.org/64756 ADV-2010-1167 http://www.vupen.com/english/advisories/2010/1167 DSA-2267 http://www.debian.org/security/2011/dsa-2267 http://security-tracker.debian.org/tracker/CVE-2010-1447 http://www.postgresql.org/about/news.1203 https://bugs.launchpad.net/bugs/cve/2010-1447 https://bugzilla.redhat.com/show_bug.cgi?id=588269 oval:org.mitre.oval:def:11530 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530 oval:org.mitre.oval:def:7320 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320 Common Vulnerability Exposure (CVE) ID: CVE-2010-2761 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:237 http://www.mandriva.com/security/advisories?name=MDVSA-2010:250 https://bugzilla.mozilla.org/show_bug.cgi?id=600464 http://openwall.com/lists/oss-security/2010/12/01/1 http://openwall.com/lists/oss-security/2010/12/01/2 http://openwall.com/lists/oss-security/2010/12/01/3 http://osvdb.org/69588 http://osvdb.org/69589 http://www.redhat.com/support/errata/RHSA-2011-1797.html http://secunia.com/advisories/42877 http://secunia.com/advisories/43033 http://secunia.com/advisories/43068 http://secunia.com/advisories/43147 http://secunia.com/advisories/43165 SuSE Security Announcement: SUSE-SR:2011:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.vupen.com/english/advisories/2011/0076 http://www.vupen.com/english/advisories/2011/0207 http://www.vupen.com/english/advisories/2011/0212 http://www.vupen.com/english/advisories/2011/0249 http://www.vupen.com/english/advisories/2011/0271 Common Vulnerability Exposure (CVE) ID: CVE-2010-4410 BugTraq ID: 44199 http://www.securityfocus.com/bid/44199 BugTraq ID: 45145 http://www.securityfocus.com/bid/45145 http://www.mandriva.com/security/advisories?name=MDVSA-2010:252 http://www.vupen.com/english/advisories/2010/3230 Common Vulnerability Exposure (CVE) ID: CVE-2010-4411 http://www.mandriva.com/security/advisories?name=MDVSA-2011:008 http://www.vupen.com/english/advisories/2011/0106 Common Vulnerability Exposure (CVE) ID: CVE-2011-1487 43921 http://secunia.com/advisories/43921 44168 http://secunia.com/advisories/44168 47124 http://www.securityfocus.com/bid/47124 DSA-2265 http://www.debian.org/security/2011/dsa-2265 FEDORA-2011-4610 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html FEDORA-2011-4631 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html MDVSA-2011:091 http://www.mandriva.com/security/advisories?name=MDVSA-2011:091 SUSE-SR:2011:009 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html [oss-security] 20110401 CVE Request -- perl -- lc(), uc() routines are laundering tainted data http://openwall.com/lists/oss-security/2011/04/01/3 [oss-security] 20110404 Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data http://openwall.com/lists/oss-security/2011/04/04/35 http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99 http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 https://bugzilla.redhat.com/show_bug.cgi?id=692844 https://bugzilla.redhat.com/show_bug.cgi?id=692898 perl-laundering-security-bypass(66528) https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.