CPANSA-perl-2011-1487: perl vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2011-04-11T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2011-04-11T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | | Severity | |
Original language | | Language | en |
Also referred to | | | |
Vulnerability Description
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Vulnerabilities
CVE-2011-1487
Vulnerability Description
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Weakness | CWE-264 : Permissions, Privileges, and Access Controls |
---|---|
Product status
Known affected
Product | Score |
---|---|
perl less than 5.14.0 | |
Fixed
- perl greater than or equal 5.14.0
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-perl-2011-1487 JSON (self): https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2011/cpansa-perl-2011-1487.json
- https://bugzilla.redhat.com/show_bug.cgi?id=692844 (external)
- http://openwall.com/lists/oss-security/2011/04/01/3 (external)
- http://openwall.com/lists/oss-security/2011/04/04/35 (external)
- https://bugzilla.redhat.com/show_bug.cgi?id=692898 (external)
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 (external)
- http://secunia.com/advisories/43921 (external)
- http://www.securityfocus.com/bid/47124 (external)
- http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99 (external)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html (external)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html (external)
- http://secunia.com/advisories/44168 (external)
- http://www.debian.org/security/2011/dsa-2265 (external)
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:091 (external)
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html (external)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66528 (external)
- CVE-2011-1487 (NVD) (external): https://nvd.nist.gov/vuln/detail/CVE-2011-1487
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Mon Apr 11 00:00:00 2011 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/