CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#948385

Perl contains an integer sign error in format string processing

Overview

The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl.

I. Description

Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes Perl programs, contains an integer sign error in its format string processing for formatted I/O.

II. Impact

An attacker may leverage this vulnerability to increase the impact a format string vulnerability in a Perl program. This vulnerability in the Perl interpreter is not directly exploitable.

III. Solution

Patch the Perl interpreter per vendor instructions.

Systems Affected
VendorStatusDate Updated
Fedora ProjectVulnerable28-Dec-2005
Gentoo LinuxVulnerable8-Dec-2005
Mandriva, Inc.Vulnerable28-Dec-2005
OpenPKGVulnerable6-Dec-2005
Perl DevelopersVulnerable28-Dec-2005
Red Hat, Inc.Vulnerable28-Dec-2005
SUSE LinuxVulnerable28-Dec-2005
Trustix Secure LinuxVulnerable28-Dec-2005
UbuntuVulnerable6-Dec-2005

References

http://www.kb.cert.org/vuls/id/946969
http://www.dyadsecurity.com/perl-0002.html
http://secunia.com/advisories/17802/

Credit

Thanks to Jack Louis of Dyad Security, Inc. for reporting this vulnerability.

This document was written by Hal Burch.

Other Information

Date Public12/01/2005
Date First Published12/06/2005 02:14:12 PM
Date Last Updated12/28/2005
CERT Advisory 
CVE NameCVE-2005-3962
Metric0.00
Document Revision25

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2005 Carnegie Mellon University