Mandriva Linux Security Advisory 2013-113 - It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code. Various other issues were also addressed.
d121a52e5d21e1a1d884bfa0b4351192f0257e3310ec24006cce477233f1c93a
Mandriva Linux Security Advisory 2013-086 - contrib/pdfmark/pdfroff.sh in GNU troff before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. The contrib/gdiffmk/tests/runtests.in scripts in GNU troff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. The contrib/eqn2graph/eqn2graph.sh, contrib/pic2graph/pic2graph.sh scripts in GNU troff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. The contrib/groffer/perl/roff2.pl scripts in GNU troff 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. The updated packages have been patched to correct these issues.
0de17ba22272b3a3d36b067a2beabe8eb38298c3d26a34deb5b497588491615c
360-FAAR Firewall Analysis Audit and Repair is an offline command line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
5c72669b877d940ffaae5144aa3ab5ba0497fcbc93e5c1828e49dcfce655d715
360-FAAR Firewall Analysis Audit and Repair is an offline command line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
a54666e93f8139c9c290eb8d0f049a718401c5cb7c9ff5e4da4b80f47982adb0
Red Hat Security Advisory 2013-0685-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.
ac3fdd7299785f237b23d812f30be939d6a7f1979b5d7e5891f630a611337ac3
360-FAAR Firewall Analysis Audit and Repair is an offline command line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
41bfa76a0f30836f748df3bae1e6d18768164aff324a3ee88f2b0fac668f3430
Debian Linux Security Advisory 2641-2 - The security fix applied to the perl package due to CVE-2013-1667 introduced a test failure in libapache2-mod-perl2 source package specific to the rehash mechanism in Perl.
9110a5cd25bf6b009461ac1ef7158b28b213084bd41e72df243bc8995f0f12c0
Ubuntu Security Notice 1770-1 - Yves Orton discovered that Perl incorrectly handled hashing when using user-provided hash keys. An attacker could use this flaw to perform a denial of service attack against software written in Perl.
160400c43f751227a821754c592c2c0991ab85529006ea92b840a9c891041806
Slackware Security Advisory - New perl packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-1667.
61afc6e373cc8a2593e5f9cf519ab0b62c9ed5882774a848c94de205325acb57
Debian Linux Security Advisory 2641-1 - Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically, an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion.
ef0581bda2d7d39d4ac6b0e3f50de6b4185b95f6484441e99e710f8202e9a548
This is a simple Perl script that will scan a given IP range and extract the Common Name from all SSL certificates. It is useful for discovery during penetration tests.
8bee3b0c0b06ba802a3816adb1b076af310701d747f2d5b5a2c0056512339dd9
Red Hat Security Advisory 2013-0515-02 - The openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls. With this update, the code has been generated with an updated version of PIDL to correct this issue. The openchange packages have been upgraded to upstream version 1.0, which provides a number of bug fixes and enhancements over the previous version, including support for the rebased samba4 packages and several API changes.
5c9dd4885b245ecf8ed98fec1242a39231d294c129bcbb7e1f55c61f932d8dc5
Red Hat Security Advisory 2013-0506-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls. This could result in code generated by the PIDL compiler not sufficiently protecting against buffer overflows. The samba4 packages have been upgraded to upstream version 4.0.0, which provides a number of bug fixes and enhancements over the previous version, in particular improved interoperability with Active Directory domains. SSSD now uses the libndr-krb5pac library to parse the Privilege Attribute Certificate issued by an AD Key Distribution Center.
b4f586366b5141c1d1a1fbcbba40b5840262fafcced1a44a41f7ab8f27a62fcb
This advisory alerts you to a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext, which Foswiki uses to provide translations when {UserInterfaceInternationalization} is enabled in the configuration. Because of this vulnerability it may be possible for a user to invoke arbitrary Perl modules on the server through a crafted macro.
023db9151bd2be81fe7fb2120f8132f7dc0869271e0ab523331a0d259b93ee55
360-FAAR Firewall Analysis Audit and Repair is an offline command line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
5ac32a9f5919e2aacba845b13f0462fa75bf8dcf78d7edca80b390ceb59f5d75
This tool is a wrapper for the reaver WPS attack toolkit. As there is no automatic way to prescan, decide, and then start the attack, this wrapper takes care of it. Written in Perl.
77f6680aaa3369a21bf84af444e0c5a958ed4d7faae9912a95ebde099266e156
360-FAAR Firewall Analysis Audit and Repair is an offline command line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
f2f13eb92aabdf5dc35dc7bc6bf3c0871c6c250dddadca85516f3dcb5686d4da
Mandriva Linux Security Advisory 2013-005 - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via the x string repeat operator. The updated packages have been patched to correct this issue.
a30259c8c48c9d4f240f41c98a0bacfa483a7a6f42946a30309aa57aa4c6b8ec
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in Perl with a Perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.
5aef8c3878ccdf4212191b79817bd3ebee7e973b448abb904f5c4514370f4194
Secunia Security Advisory - Two vulnerabilities have been reported in Perl, which can be exploited by malicious users to compromise an application using the module.
e0fe995f2a1f2b7ee357e071d608d69601a46bc917817fd8579cf280509f10fa
This Metasploit module exploits a vulnerability in the MAKETEXT Foswiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since the input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. Only Foswiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set) are vulnerable. If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the FoswikiPage option isn't provided, the module will try to create a random page on the SandBox space. The module has been tested successfully on Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image.
1dfa323fc74f3423aec71ecc1cde0b04c26eea7a42d6702fc3d9df74654857c2
This Metasploit module exploits a vulnerability in the MAKETEXT TWiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set). If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the 'TwikiPage' option isn't provided, the module will try to create a random page on the SandBox space. The module has been tested successfully on TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.
6a462fdc51b0c493b941a326fd05e71eb12bf8bedb39c652d6c549a65bf5b2d5
Mandriva Linux Security Advisory 2012-180 - CGI.pm module before 3.63 for Perl does not properly escape newlines in P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. The updated packages have been patched to correct this issue.
19ab60ea5b5148e621788d3fb0be25b507bfbb91c924e4f9f8e25f7420419f2d
Debian Linux Security Advisory 2587-1 - It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.
cfd5541265fe776ae15056217e4875ff0f3a904361d5c687f2c8ee23ca0a3716
Debian Linux Security Advisory 2586-1 - Two vulnerabilities were discovered in the implementation of the Perl programming language.
76a3e485793224f6aa5ba668af28ee8d4ace03df744e5c0ad94b470ffdf4e131