CVE-2005-3962
CVSS 4.6
Published: 2005-12-01 12:03:00
Revised: 2016-10-17 23:37:59

[Original] Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.


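[CNNVD] Perl format string handling integer overflow vulnerability (CNNVD-200512-026)

        Perl is a free and powerful programming language.
        Because Perl does not correctly handle the format specifiers in its formatted-print functions, a format string overflow vulnerability exists; a remote attacker may exploit it to execute arbitrary commands on the host.
        An INT_MAX value in a parameterized format string (%I$n) can cause an integer overflow of efix in the Perl_sv_vcatpvfn function. An attacker can exploit this vulnerability to execute arbitrary commands remotely or cause a denial of service.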

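- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]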

- CWE (weakness category)

CWE-189 [Numeric Errors]

- CPE (affected platforms and products)

cpe:/a:perl:perl:5.8.6  Perl 5.8.6
cpe:/a:perl:perl:5.9.2  Perl 5.9.2

- OVAL (technical details for detection)

oval:org.mitre.oval:def:1074  Perl Format String Integer Overflow Vulnerability
oval:org.mitre.oval:def:10598  Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary ...
*OVAL describes in detail how to detect this vulnerability; more technical detection details can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3962
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-026
(official data source) CNNVD

- Other links and resources

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
(UNKNOWN)  MISC  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
(UNKNOWN)  MISC  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
(UNKNOWN)  SGI  20060101-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
(UNKNOWN)  CONECTIVA  CLSA-2006:1056
http://docs.info.apple.com/article.html?artnum=304829
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
(UNKNOWN)  APPLE  APPLE-SA-2006-11-28
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
(UNKNOWN)  FULLDISC  20051201 Perl format string integer wrap vulnerability
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
(UNKNOWN)  SUNALERT  102192
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.debian.org/security/2006/dsa-943
(UNKNOWN)  DEBIAN  DSA-943
http://www.dyadsecurity.com/perl-0002.html
(VENDOR_ADVISORY)  MISC  http://www.dyadsecurity.com/perl-0002.html
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
(UNKNOWN)  GENTOO  GLSA-200512-01
http://www.ipcop.org/index.php?name=News&file=article&sid=41
(UNKNOWN)  CONFIRM  http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://www.kb.cert.org/vuls/id/948385
(UNKNOWN)  CERT-VN  VU#948385
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
(UNKNOWN)  MANDRAKE  MDKSA-2005:225
http://www.novell.com/linux/security/advisories/2005_29_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:029
http://www.novell.com/linux/security/advisories/2005_71_perl.html
(UNKNOWN)  SUSE  SUSE-SA:2005:071
http://www.openbsd.org/errata37.html#perl
(UNKNOWN)  OPENBSD  [3.7] 20060105 007: SECURITY FIX: January 5, 2006
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
(UNKNOWN)  OPENPKG  OpenPKG-SA-2005.025
http://www.redhat.com/support/errata/RHSA-2005-880.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:880
http://www.redhat.com/support/errata/RHSA-2005-881.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:881
http://www.securityfocus.com/archive/1/archive/1/418333/100/0/threaded
(UNKNOWN)  BUGTRAQ  20051201 Perl format string integer wrap vulnerability
http://www.securityfocus.com/archive/1/archive/1/438726/100/0/threaded
(UNKNOWN)  HP  SSRT061105
http://www.securityfocus.com/bid/15629
(UNKNOWN)  BID  15629
http://www.trustix.org/errata/2005/0070
(UNKNOWN)  TRUSTIX  TSLSA-2005-0070
http://www.ubuntulinux.org/support/documentation/usn/usn-222-1
(UNKNOWN)  UBUNTU  USN-222-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
(UNKNOWN)  CERT  TA06-333A
http://www.vupen.com/english/advisories/2005/2688
(UNKNOWN)  VUPEN  ADV-2005-2688
http://www.vupen.com/english/advisories/2006/0771
(UNKNOWN)  VUPEN  ADV-2006-0771
http://www.vupen.com/english/advisories/2006/2613
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2613
http://www.vupen.com/english/advisories/2006/4750
(UNKNOWN)  VUPEN  ADV-2006-4750
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
(UNKNOWN)  FEDORA  FLSA-2006:176731

- Vulnerability information

Perl format string handling integer overflow vulnerability
Medium severity  Numeric error
2005-12-01 00:00:00 2009-02-06 00:00:00
Local

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://security.debian.org/pool/updates/main/p/perl/

- Vulnerability information (F47917)

HP Security Bulletin 2006-11.5 (PacketStormID:F47917)
2006-07-02 00:00:00
Hewlett Packard  hp.com
advisory,local,perl,vulnerability
unix
CVE-2005-3962

HP Security Bulletin - Potential security vulnerabilities have been identified in Perl 5.8.2 and earlier running on HP Tru64 UNIX. These vulnerabilities could be exploited by a local user to execute unauthorized code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00686865
Version: 1

HPSBTU02125 SSRT061105 rev.1 - HP Tru64 UNIX Running Perl 5.8.2 and earlier, 
Local Unauthorized Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2006-06-28
Last Updated: 2006-06-28

Potential Security Impact: Local unauthorized code execution

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified in Perl 5.8.2 and earlier running on 
HP Tru64 UNIX. These vulnerabilities could be exploited by a local user to execute
unauthorized code.

References: CVE-2005-3962

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Perl 5.8.2 and earlier provided with:

    * HP Tru64 UNIX 5.1B-3
    * HP Tru64 UNIX 5.1B-2/PK4
    * HP Tru64 UNIX 5.1A PK6
    * HP Internet Express 6.3 for HP Tru64 UNIX
    * HP Internet Express 6.4 for HP Tru64 UNIX
    * HP Tru64 UNIX Associated Products CD (APCD) for HP Tru64 UNIX v 5.1B-3 (BL25) and earlier

BACKGROUND

RESOLUTION

HP has released a setld-based patch kit PERL_V51BB26-ES-20060612 with Perl 5.8.7 
publicly for use by any customer.

The patch kit can be installed on any Tru64 UNIX system running Perl from any of the impacted 
software versions noted in the SUPPORTED SOFTWARE VERSIONS section of this bulletin.

The patched Perl 5.8.7 is also available on HP Internet Express v 6.5.

HP Tru64 UNIX v 5.1B-3 Perl Patch Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=PERL_V51BB26-ES-20060612
Name: PERL_V51BB26-ES-20060612
MD5 Checksum: 49bb5de02b3236a0991698ec5f3ca648

HP Internet Express v 6.5 (Internet products and solutions for Tru64 UNIX Website)
Location: http://h30097.www3.hp.com/internet/prod_sol.htm

PRODUCT SPECIFIC INFORMATION

HISTORY
Version: 1 (rev.1) 28 June 2006 Initial release

Support: For further information, contact normal HP Services
support channel.

Report: To report a potential security vulnerability with any HP
supported product, send Email to: security-alert@hp.com.  It is
strongly recommended that security related information being
communicated to HP be encrypted using PGP, especially exploit
information.  To get the security-alert PGP key, please send an
e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key

Subscribe: To initiate a subscription to receive future HP
Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&
langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and
    continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and
    save.

To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page:
  Subscriber's choice for Business: sign-in.
On the web page:
  Subscriber's Choice: your profile summary
    - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters of the
Bulletin number in the title:

    GN = HP General SW,
    MA = HP Management Agents,
    MI = Misc. 3rd party SW,
    MP = HP MPE/iX,
    NS = HP NonStop Servers,
    OV = HP OpenVMS,
    PI = HP Printing & Imaging,
    ST = HP Storage SW,
    TL = HP Trusted Linux,
    TU = HP Tru64 UNIX,
    UX = HP-UX,
    VV = HP Virtual Vault


System management and security procedures must be reviewed
frequently to maintain system integrity. HP is continually
reviewing and enhancing the security features of software products
to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to
bring to the attention of users of the affected HP products the
important security information contained in this Bulletin. HP
recommends that all users determine the applicability of this
information to their individual situations and take appropriate
action. HP does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HP
will not be responsible for any damages resulting from user's use
or disregard of the information provided in this Bulletin. To the
extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability
and fitness for a particular purpose, title and non-infringement."


(c)Copyright 2006 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
provided is provided "as is" without warranty of any kind. To the
extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special
or consequential damages including downtime cost; lost profits;
damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration.
The information in this document is subject to change without
notice. Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRKOoS+AfOvwtKn1ZEQLgaQCdHaIhXQSH77DWrWHmmd1qwBmlkgcAoPoD
gxkTgvKBXn7wXrvg9tY8PcqF
=FnzZ
-----END PGP SIGNATURE-----
    

- Vulnerability information (F43257)

Debian Linux Security Advisory 943-1 (PacketStormID:F43257)
2006-01-22 00:00:00
Debian  debian.org
advisory,overflow,arbitrary,perl
linux,debian
CVE-2005-3962

Debian Security Advisory DSA 943-1 - Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third party software.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 943-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 16th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : perl
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-3962
Debian Bug     : 341542

Jack Louis discovered an integer overflow in Perl, Larry Wall's
Practical Extraction and Report Language, that allows attackers to
overwrite arbitrary memory and possibly execute arbitrary code via
specially crafted content that is passed to vulnerable format strings
of third party software.

The old stable distribution (woody) does not seem to be affected by
this problem.

For the stable distribution (sarge) this problem has been fixed in
version 5.8.4-8sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 5.8.7-9.

We recommend that you upgrade your perl packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDy7p4W5ql+IAeqTIRAggQAJ9QzFo5QmujczEPZvsdb6HJtLNx3ACgn+zo
uVe4ZQyXLpXGZ44f+iUjBAw=
=Exq6
-----END PGP SIGNATURE-----

    

- Vulnerability information (F42258)

Trustix Secure Linux Security Advisory 2005.70 (PacketStormID:F42258)
2005-12-14 00:00:00
Trustix  http.trustix.org
advisory,kernel,perl,vulnerability
linux
CVE-2005-3807,CVE-2005-3784,CVE-2005-3857,CVE-2005-3962

Trustix Secure Linux Security Advisory #2005-0070 - Multiple kernel vulnerabilities and a perl vulnerability have been addressed in this advisory.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0070

Package names:	   kernel, perl
Summary:           Multiple vulnerabilities
Date:              2005-12-09
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  kernel
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process 
  allocation, device input and output, etc.

  perl
  Perl is a high-level programming language with roots in C, sed, awk and
  shell scripting. Perl is good at handling processes and files, and is 
  especially good at handling text. Perl's hallmarks are practicality and
  efficiency. While it is used to do a lot of different things, Perl's 
  most common applications (and what it excels at) are probably system
  administration utilities and web programming. A large proportion of the
  CGI scripts on the web are written in Perl. You need the perl package 
  installed on your system so that your system can handle Perl scripts.

Problem description:
  kernel < TSL 3.0 >
  - New Upstream.
  - SECURITY Fix: Memory leak in the VFS file lease handling in locks.c
    allows local users to cause a denial of service via certain Samba
    activities that cause an fasync entry to be re-allocated by the
    fcntl_setlease function after the fasync queue has already been 
    cleaned by the locks_delete_lock function.
  - The auto-reap of child processes in Linux kernel 2.6 includes 
    processes with ptrace attached, which leads to a dangling ptrace 
    reference and allows local users to cause a denial of service (crash).
  - The time_out_leases function in locks.c allows local users to cause a
    denial of service (kernel log message consumption) by causing a large
    number of broken leases, which is recorded to the log using the printk
    function.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2005-3807, CVE-2005-3784 and CVE-2005-3857 to
    these issues.
  
  perl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: Integer overflow in the format string functionality
    (Perl_sv_vcatpvfn) allows attackers to overwrite arbitrary memory and
    possibly execute arbitrary code via format string specifiers with
    large values.

    The Common Vulnerabilities and Exposures project has assigned the
    name CVE-2005-3962 to this issue.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0070/>


MD5sums of the packages:


Trustix Security Team


    

- Vulnerability information (F42042)

Ubuntu Security Notice 222-1 (PacketStormID:F42042)
2005-12-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,perl
linux,ubuntu
CVE-2005-3962

Ubuntu Security Notice USN-222-1 - Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program.

===========================================================
Ubuntu Security Notice USN-222-1	  December 02, 2005
perl vulnerability
CVE-2005-3962
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

perl-base

The problem can be corrected by upgrading the affected package to
version 5.8.4-2ubuntu0.5 (for Ubuntu 4.10), 5.8.4-6ubuntu1.1 (for
Ubuntu 5.04), or 5.8.7-5ubuntu1.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Jack Louis of Dyad Security discovered that Perl did not sufficiently
check the explicit length argument in format strings. Specially
crafted format strings with overly large length arguments led to a
crash of the Perl interpreter or even to execution of arbitrary
attacker-defined code with the privileges of the user running the Perl
program.

However, this attack was only possible in insecure Perl programs which
use variables with user-defined values in string interpolations
without checking their validity.


    

- Vulnerability information

21345
Perl Explicit Format Parameter Index Overflow
Local Access Required Input Manipulation
Loss of Integrity

- Vulnerability description

Perl contains a flaw when handling a format string containing an explicit format parameter index that exceeds INT_MAX, which can result in an illegal memory access. With a specially crafted request, an attacker can cause a Perl application to crash, resulting in a loss of availability.

- Timeline

2005-12-01 2005-09-23
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Dyad Security has released an unofficial patch to address this vulnerability.

- Related references

- Vulnerability author

 

 
