Vulnerability Note VU#948385

Perl contains an integer sign error in format string processing

Original Release date: 06 Dec 2005 | Last revised: 30 Aug 2012

Overview

The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl.

Description

Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes Perl programs, contains an integer sign error in its format string processing for formatted I/O.

Impact

An attacker may leverage this vulnerability to increase the impact a format string vulnerability in a Perl program. This vulnerability in the Perl interpreter is not directly exploitable.

Solution

Patch the Perl interpreter per vendor instructions.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Fedora ProjectAffected-28 Dec 2005
Gentoo LinuxAffected-08 Dec 2005
Mandriva, Inc.Affected-28 Dec 2005
OpenPKGAffected-06 Dec 2005
Perl DevelopersAffected01 Dec 200528 Dec 2005
Red Hat, Inc.Affected-28 Dec 2005
SUSE LinuxAffected-28 Dec 2005
Trustix Secure LinuxAffected-28 Dec 2005
UbuntuAffected-06 Dec 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 0.0 AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal 0.0 E:ND/RL:ND/RC:ND
Environmental 0.0 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Jack Louis of Dyad Security, Inc. for reporting this vulnerability.

This document was written by Hal Burch.

Other Information

  • CVE IDs: CVE-2005-3962
  • Date Public: 01 Dec 2005
  • Date First Published: 06 Dec 2005
  • Date Last Updated: 30 Aug 2012
  • Document Revision: 40

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.