exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2005-3962

Status Candidate

Overview

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Related Files

HP Security Bulletin 2006-11.5
Posted Jul 2, 2006
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified in Perl 5.8.2 and earlier running on HP Tru64 UNIX. These vulnerabilities could be exploited by a local user to execute unauthorized code.

tags | advisory, local, perl, vulnerability
systems | unix
advisories | CVE-2005-3962
SHA-256 | d23a8ee6f8d087198ee77c28904792640cf69c9be7a9730cfe5d3211938739c9
Debian Linux Security Advisory 943-1
Posted Jan 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 943-1 - Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third party software.

tags | advisory, overflow, arbitrary, perl
systems | linux, debian
advisories | CVE-2005-3962
SHA-256 | 418585b662fa3f0b96fc83f0a0222571bfad3e5b4be53af7f5c8f8187924280a
Trustix Secure Linux Security Advisory 2005.70
Posted Dec 14, 2005
Authored by Trustix | Site http.trustix.org

Trustix Secure Linux Security Advisory #2005-0070 - Multiple kernel vulnerabilities and a perl vulnerability have been addressed in this advisory.

tags | advisory, kernel, perl, vulnerability
systems | linux
advisories | CVE-2005-3807, CVE-2005-3784, CVE-2005-3857, CVE-2005-3962
SHA-256 | 9fb8586d1071b91a0ddf0e2fd5bab8c2f75ccfb7324332719c2e70603832cd40
Ubuntu Security Notice 222-1
Posted Dec 3, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-222-1 - Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program.

tags | advisory, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2005-3962
SHA-256 | bfe55a56e657241ef7dc2839ec85a1d525daa274af5d85c1db814fa6967a6512
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close