CVE-2012-6329: Code Injection
First published: Thu Dec 06 2012(Updated: )
A commit to the upstream perl git repository [1] indicated that perl's Locale::Maketext was vulnerable to a flaw that could lead to arbitrary code execution of this function was executed on user-supplied input. Quoting the commit message: Case 61251: This commit fixes a misparse of maketext strings that could lead to arbitrary code execution. Basically, maketext was compiling bracket notation into functions, but neglected to escape backslashes inside the content or die on fully-qualified method names when generating the code. This change escapes all such backslashes and dies when a method name with a colon or apostrophe is specified. [1] <a href="http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8">http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Perl Perl | <=5.16.2 | |
| Perl Perl | =5.10 | |
| Perl Perl | =5.10.0 | |
| Perl Perl | =5.10.0-rc1 | |
| Perl Perl | =5.10.0-rc2 | |
| Perl Perl | =5.10.1 | |
| Perl Perl | =5.10.1-rc1 | |
| Perl Perl | =5.10.1-rc2 | |
| Perl Perl | =5.11.0 | |
| Perl Perl | =5.11.1 | |
| Perl Perl | =5.11.2 | |
| Perl Perl | =5.11.3 | |
| Perl Perl | =5.11.4 | |
| Perl Perl | =5.11.5 | |
| Perl Perl | =5.12.0 | |
| Perl Perl | =5.12.0-rc0 | |
| Perl Perl | =5.12.0-rc1 | |
| Perl Perl | =5.12.0-rc2 | |
| Perl Perl | =5.12.0-rc3 | |
| Perl Perl | =5.12.0-rc4 | |
| Perl Perl | =5.12.0-rc5 | |
| Perl Perl | =5.12.1 | |
| Perl Perl | =5.12.1-rc1 | |
| Perl Perl | =5.12.1-rc2 | |
| Perl Perl | =5.12.2 | |
| Perl Perl | =5.12.2-rc1 | |
| Perl Perl | =5.12.3 | |
| Perl Perl | =5.12.3-rc1 | |
| Perl Perl | =5.12.3-rc2 | |
| Perl Perl | =5.12.3-rc3 | |
| Perl Perl | =5.13.0 | |
| Perl Perl | =5.13.1 | |
| Perl Perl | =5.13.2 | |
| Perl Perl | =5.13.3 | |
| Perl Perl | =5.13.4 | |
| Perl Perl | =5.13.5 | |
| Perl Perl | =5.13.6 | |
| Perl Perl | =5.13.7 | |
| Perl Perl | =5.13.8 | |
| Perl Perl | =5.13.9 | |
| Perl Perl | =5.13.10 | |
| Perl Perl | =5.13.11 | |
| Perl Perl | =5.14.0 | |
| Perl Perl | =5.14.0-rc1 | |
| Perl Perl | =5.14.0-rc2 | |
| Perl Perl | =5.14.0-rc3 | |
| Perl Perl | =5.14.1 | |
| Perl Perl | =5.14.2 | |
| Perl Perl | =5.14.3 | |
| Perl Perl | =5.16.0 | |
| Perl Perl | =5.16.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224
- http://code.activestate.com/lists/perl5-porters/187746/
- http://code.activestate.com/lists/perl5-porters/187763/
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://openwall.com/lists/oss-security/2012/12/11/4
- http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod
- http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://sourceforge.net/mailarchive/message.php?msg_id=30219695
- http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/56950
- http://www.ubuntu.com/usn/USN-2099-1
- https://bugzilla.redhat.com/show_bug.cgi?id=884354
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=884363
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=658787
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=658787&action=edit
- https://access.redhat.com/security/cve/CVE-2012-6329
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=884354
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=676781&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=676781&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=704920&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=704920&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=705056&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=705056&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=705349&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=705349&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=705351
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=705351&action=edit
- https://rhn.redhat.com/errata/RHSA-2013-0685.html
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-6329
- vendor/perl
- canonical/perl perl
- version/perl perl/5.16.2
- version/perl perl/5.10
- version/perl perl/5.10.0
- version/perl perl/5.10.0-rc1
- version/perl perl/5.10.0-rc2
- version/perl perl/5.10.1
- version/perl perl/5.10.1-rc1
- version/perl perl/5.10.1-rc2
- version/perl perl/5.11.0
- version/perl perl/5.11.1
- version/perl perl/5.11.2
- version/perl perl/5.11.3
- version/perl perl/5.11.4
- version/perl perl/5.11.5
- version/perl perl/5.12.0
- version/perl perl/5.12.0-rc0
- version/perl perl/5.12.0-rc1
- version/perl perl/5.12.0-rc2
- version/perl perl/5.12.0-rc3
- version/perl perl/5.12.0-rc4
- version/perl perl/5.12.0-rc5
- version/perl perl/5.12.1
- version/perl perl/5.12.1-rc1
- version/perl perl/5.12.1-rc2
- version/perl perl/5.12.2
- version/perl perl/5.12.2-rc1
- version/perl perl/5.12.3
- version/perl perl/5.12.3-rc1
- version/perl perl/5.12.3-rc2
- version/perl perl/5.12.3-rc3
- version/perl perl/5.13.0
- version/perl perl/5.13.1
- version/perl perl/5.13.2
- version/perl perl/5.13.3
- version/perl perl/5.13.4
- version/perl perl/5.13.5
- version/perl perl/5.13.6
- version/perl perl/5.13.7
- version/perl perl/5.13.8
- version/perl perl/5.13.9
- version/perl perl/5.13.10
- version/perl perl/5.13.11
- version/perl perl/5.14.0
- version/perl perl/5.14.0-rc1
- version/perl perl/5.14.0-rc2
- version/perl perl/5.14.0-rc3
- version/perl perl/5.14.1
- version/perl perl/5.14.2
- version/perl perl/5.14.3
- version/perl perl/5.16.0
- version/perl perl/5.16.1