medium
5
CWE
264
Advisory Published
CVE Published
Updated

CVE-2011-1487

First published: Fri Apr 01 2011(Updated: )

A security flaw was found in the way Perl performed laundering of tainted data. A remote attacker could use this flaw to bypass Perl TAINT mode protection mechanism (leading to commands execution on dirty arguments or file system access via contaminated variables) via specially-crafted input provided to the web application / CGI script. Upstream bug report: <a href="http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336">http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336</a> Relevant patch: <a href="http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99">http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99</a> References: [1] <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED DUPLICATE - lc launders tainted flag" href="show_bug.cgi?id=692844">https://bugzilla.redhat.com/show_bug.cgi?id=692844</a>

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Perl=5.10.0-rc2
Perl=5.10.1
Perl=5.10.1-rc1
Perl=5.10.0
Perl=5.10.0-rc1
Perl=5.10.1-rc2
Perl=5.13.10
Perl=5.13.8
Perl=5.13.0
Perl=5.13.5
Perl=5.13.3
Perl=5.13.6
Perl=5.13.11
Perl=5.13.7
Perl=5.13.1
Perl=5.13.4
Perl=5.13.9
Perl=5.13.2
Perl=5.11.2
Perl=5.11.1
Perl=5.11.5
Perl=5.11.0
Perl=5.11.3
Perl=5.11.4
Perl=5.12.0-rc1
Perl=5.12.0-rc4
Perl=5.12.0-rc3
Perl=5.12.1-rc1
Perl=5.12.3-rc3
Perl=5.12.3
Perl=5.12.1-rc2
Perl=5.12.0-rc2
Perl=5.12.0
Perl=5.12.3-rc1
Perl=5.12.2
Perl=5.12.3-rc2
Perl=5.12.2-rc1
Perl=5.12.0-rc0
Perl=5.12.0-rc5
Perl=5.12.1

Remedy

http://openwall.com/lists/oss-security/2011/04/01/3

Remedy

http://openwall.com/lists/oss-security/2011/04/04/35

Remedy

http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=692898

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2011-1487?

    CVE-2011-1487 has a moderate severity as it allows attackers to bypass the Perl TAINT mode protection mechanism.

  • How do I fix CVE-2011-1487?

    To fix CVE-2011-1487, users should upgrade to the latest patched version of Perl that addresses this vulnerability.

  • Which versions of Perl are affected by CVE-2011-1487?

    CVE-2011-1487 affects Perl versions 5.10.0, 5.10.1, 5.11.x, and 5.12.x among others.

  • What kind of attacks can be executed due to CVE-2011-1487?

    Exploitation of CVE-2011-1487 could lead to code execution on dirty arguments or unauthorized file system access.

  • Is there a known exploit for CVE-2011-1487?

    Yes, CVE-2011-1487 has been discussed in security circles, but specific exploits would depend on the context and implementation.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203