CPANSA-Locale-Maketext-2012-6329: Locale-Maketext vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2013-01-04T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2013-01-04T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | | Severity | |
Original language | | Language | en |
Also referred to | | | |
Vulnerability Description
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Vulnerabilities
CVE-2012-6329
Vulnerability Description
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Weakness | CWE-94: Improper Control of Generation of Code ('Code Injection') |
---|---|
Product status
Known affected
Product | Score |
---|---|
Locale-Maketext less than 1.25 | |
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Locale-Maketext-2012-6329 JSON self
  https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2013/cpansa-locale-maketext-2012-6329.json
- http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8 external
- http://sourceforge.net/mailarchive/message.php?msg_id=30219695 external
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224 external
- http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 external
- http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod external
- http://openwall.com/lists/oss-security/2012/12/11/4 external
- http://code.activestate.com/lists/perl5-porters/187763/ external
- http://code.activestate.com/lists/perl5-porters/187746/ external
- https://bugzilla.redhat.com/show_bug.cgi?id=884354 external
- http://rhn.redhat.com/errata/RHSA-2013-0685.html external
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 external
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032 external
- http://www.ubuntu.com/usn/USN-2099-1 external
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html external
- http://www.securityfocus.com/bid/56950 external
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 external
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 external
- CVE-2012-6329 (NVD) external
  https://nvd.nist.gov/vuln/detail/CVE-2012-6329
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Fri Jan 4 00:00:00 2013 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/