CVE-2011-1487
First published: Fri Apr 01 2011(Updated: )
A security flaw was found in the way Perl performed laundering of tainted data. A remote attacker could use this flaw to bypass Perl TAINT mode protection mechanism (leading to commands execution on dirty arguments or file system access via contaminated variables) via specially-crafted input provided to the web application / CGI script. Upstream bug report: <a href="http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336">http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336</a> Relevant patch: <a href="http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99">http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99</a> References: [1] <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED DUPLICATE - lc launders tainted flag" href="show_bug.cgi?id=692844">https://bugzilla.redhat.com/show_bug.cgi?id=692844</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Perl Perl | =5.10.0-rc2 | |
| Perl Perl | =5.10.1 | |
| Perl Perl | =5.10.1-rc1 | |
| Perl Perl | =5.10.0 | |
| Perl Perl | =5.10.0-rc1 | |
| Perl Perl | =5.10.1-rc2 | |
| Perl Perl | =5.13.10 | |
| Perl Perl | =5.13.8 | |
| Perl Perl | =5.13.0 | |
| Perl Perl | =5.13.5 | |
| Perl Perl | =5.13.3 | |
| Perl Perl | =5.13.6 | |
| Perl Perl | =5.13.11 | |
| Perl Perl | =5.13.7 | |
| Perl Perl | =5.13.1 | |
| Perl Perl | =5.13.4 | |
| Perl Perl | =5.13.9 | |
| Perl Perl | =5.13.2 | |
| Perl Perl | =5.11.2 | |
| Perl Perl | =5.11.1 | |
| Perl Perl | =5.11.5 | |
| Perl Perl | =5.11.0 | |
| Perl Perl | =5.11.3 | |
| Perl Perl | =5.11.4 | |
| Perl Perl | =5.12.0-rc1 | |
| Perl Perl | =5.12.0-rc4 | |
| Perl Perl | =5.12.0-rc3 | |
| Perl Perl | =5.12.1-rc1 | |
| Perl Perl | =5.12.3-rc3 | |
| Perl Perl | =5.12.3 | |
| Perl Perl | =5.12.1-rc2 | |
| Perl Perl | =5.12.0-rc2 | |
| Perl Perl | =5.12.0 | |
| Perl Perl | =5.12.3-rc1 | |
| Perl Perl | =5.12.2 | |
| Perl Perl | =5.12.3-rc2 | |
| Perl Perl | =5.12.2-rc1 | |
| Perl Perl | =5.12.0-rc0 | |
| Perl Perl | =5.12.0-rc5 | |
| Perl Perl | =5.12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=692844
- http://openwall.com/lists/oss-security/2011/04/01/3
- http://openwall.com/lists/oss-security/2011/04/04/35
- https://bugzilla.redhat.com/show_bug.cgi?id=692898
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
- http://secunia.com/advisories/43921
- http://www.securityfocus.com/bid/47124
- http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
- http://secunia.com/advisories/44168
- http://www.debian.org/security/2011/dsa-2265
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
- http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=692844
- http://www.openwall.com/lists/oss-security/2011/04/01/3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=692900
- http://www.openwall.com/lists/oss-security/2011/04/04/35
- https://rhn.redhat.com/errata/RHSA-2011-0558.html
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1487
- vendor/perl
- canonical/perl perl
- version/perl perl/5.10.0-rc2
- version/perl perl/5.10.1
- version/perl perl/5.10.1-rc1
- version/perl perl/5.10.0
- version/perl perl/5.10.0-rc1
- version/perl perl/5.10.1-rc2
- version/perl perl/5.13.10
- version/perl perl/5.13.8
- version/perl perl/5.13.0
- version/perl perl/5.13.5
- version/perl perl/5.13.3
- version/perl perl/5.13.6
- version/perl perl/5.13.11
- version/perl perl/5.13.7
- version/perl perl/5.13.1
- version/perl perl/5.13.4
- version/perl perl/5.13.9
- version/perl perl/5.13.2
- version/perl perl/5.11.2
- version/perl perl/5.11.1
- version/perl perl/5.11.5
- version/perl perl/5.11.0
- version/perl perl/5.11.3
- version/perl perl/5.11.4
- version/perl perl/5.12.0-rc1
- version/perl perl/5.12.0-rc4
- version/perl perl/5.12.0-rc3
- version/perl perl/5.12.1-rc1
- version/perl perl/5.12.3-rc3
- version/perl perl/5.12.3
- version/perl perl/5.12.1-rc2
- version/perl perl/5.12.0-rc2
- version/perl perl/5.12.0
- version/perl perl/5.12.3-rc1
- version/perl perl/5.12.2
- version/perl perl/5.12.3-rc2
- version/perl perl/5.12.2-rc1
- version/perl perl/5.12.0-rc0
- version/perl perl/5.12.0-rc5
- version/perl perl/5.12.1