CERTA-2005-AVI-486
Vulnerability from certfr_avis - Published: 2005-12-09 - Updated: 2006-03-02
Une vulnérabilité présente dans Perl permet à un utilisateur distant de provoquer un déni de service.
Description
Une erreur de type chaîne de format présente dans une fonction de l'interpréteur de commandes Perl permet à un utilisateur distant mal intentionné de provoquer l'arrêt inopiné de cet interpréteur et par extension l'arrêt de l'application qui l'utilise. Cette vulnérabilité peut être exploitée par le biais d'une chaîne de caractères malicieusement construite passée en paramètre à l'application vulnérable.
Solution
Se référer au bulletin de l'éditeur pour l'obtention de correctifs (cf. Documentation).
NoneReferences
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Perl 5.8.7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Perl 5.9.2.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne erreur de type cha\u00eene de format pr\u00e9sente dans une fonction de\nl\u0027interpr\u00e9teur de commandes Perl permet \u00e0 un utilisateur distant mal\nintentionn\u00e9 de provoquer l\u0027arr\u00eat inopin\u00e9 de cet interpr\u00e9teur et par\nextension l\u0027arr\u00eat de l\u0027application qui l\u0027utilise. Cette vuln\u00e9rabilit\u00e9\npeut \u00eatre exploit\u00e9e par le biais d\u0027une cha\u00eene de caract\u00e8res\nmalicieusement construite pass\u00e9e en param\u00e8tre \u00e0 l\u0027application\nvuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de l\u0027\u00e9diteur pour l\u0027obtention de correctifs (cf.\nDocumentation).\n",
"cves": [],
"initial_release_date": "2005-12-09T00:00:00",
"last_revision_date": "2006-03-02T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-943 du 16 janvier 2006 :",
"url": "http://www.debian.org/security/2006/dsa-943"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:881 du 20 d\u00e9cembre 2005 :",
"url": "http://rhn.redhat.com/errata/RHSA-2005-881.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200512-01 du 07 d\u00e9cembre 2005 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml"
},
{
"title": "Site de Perl :",
"url": "http://www.perl.org"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de l\u0027US-CERT VU#946969 :",
"url": "http://www.kb.cert.org/vuls/id/946969"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #102192 du 28 f\u00e9vrier 2006 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de l\u0027US-CERT VU#948385 :",
"url": "http://www.kb.cert.org/vuls/id/948385"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2005:225 du 08 d\u00e9cembre 2005 :",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:225"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:880 du 20 d\u00e9cembre 2005 :",
"url": "http://rhn.redhat.com/errata/RHSA-2005-880.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SA:2005:071 du 20 d\u00e9cembre 2005 :",
"url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu #USN-222-1 : http://www.ubuntulinux.org/support/documentation/usn/usn-222-1",
"url": "http://www.ubuntulinux.org/support/documentation/usn/usn-221-1"
}
],
"reference": "CERTA-2005-AVI-486",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-12-09T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2005:225.",
"revision_date": "2005-12-13T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SUSE SUSE-SA:2005:071, RedHat RHSA-2005:880 et RedHat RHSA-2005:881.",
"revision_date": "2005-12-21T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian DSA-943.",
"revision_date": "2006-01-16T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Solaris.",
"revision_date": "2006-03-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans Perl permet \u00e0 un utilisateur distant de\nprovoquer un d\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 de Perl",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 de l\u0027US-CERT VU#948385 et VU#946969",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…