Secunia Security Advisory - SUSE has issued an update for perl-YAML-LibYAML. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the module.
c2591fd4454e96e7eccbd78fb20fae7cb9cd4ac857ef225bf7920faeb3c9f059Gentoo Linux Security Advisory 201208-5 - An insecure temporary file usage has been reported in the Perl Config-IniFiles module, possibly allowing symlink attacks. Versions below 2.710.0 are affected.
3bcd9906a91e0e60116a8e74a6871bf2c3d7a8bbd8baaef329447255da0a07b9This perl script attacks pBot by leveraging a hidden .eval command to delete and kill the bot.
19d0cd2419b1ba8636cb8720f58807484e2cd5fe55c43028edb94c4dfbfc419fSecunia Security Advisory - Red Hat has issued an update for perl-DBD-Pg. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the module.
76987ea6aa324b45021184bc8680f5b030fae09ebce3d2727c30a847c53866cbMandriva Linux Security Advisory 2012-112 - Two format string flaws were found in the way perl-DBD-Pg. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to perl-DBD-Pg based process crash. The updated packages have been patched to correct this issue.
cfc570df0e44378ae630c6244564f9a1b62cf1d12fda6e443031004d32e127ebRed Hat Security Advisory 2012-1116-01 - Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.
6b9911606556711f6d311f9701a306c24b1afc6085dfd1dde7ad91431c552f38Nmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This Metasploit module abuses a setuid nmap binary by writing out a lua nse script containing a call to os.execute(). Note that modern interpreters will refuse to run scripts on the command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby} payloads will most likely not work.
36e5626623975013ad17de674718bb242f7551a7c65755515d9aab44a7aa57eaJoomla web scanning perl script that gets the version, components and shows possible bugs.
0ab018e39405e6084e40c17103e2371d3366a4af2159ce098bae85b710b3f1abCryptfuscate Bundle provides a better, more secure, solution for obfuscating Perl code. Cryptfuscate Bundle consists of two main scripts, cryptfuscate.pl and executer.pl. cryptfuscate.pl creates an encrypted version of Perl module embedded text files using Blowfish AES encryption and encodes the module in base 64. executer.pl then can be packaged with the encrypted module and placed on a target's box. executer.pl can then be launched and given the correct encryption key and salt will decrypt the module, handle the module as a string, and execute the module using Perl's eval() function. This method of execution provides you with a safe and secure way to execute Perl code while keeping local users from being able to analyze the source code of your module. Cryptfuscate Bundle comes with a module to experiment with, a bind shell on port 62221.
1e5fa99ad3c862fb14e7fcf215948fd8267a9170c688498ba501be414b46b883Red Hat Security Advisory 2012-0876-04 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use this flaw to crash snmpd via a crafted SNMP GET request.
0c8e59b5862b260540cb82b2f28c910e34cfe4e663196688dfe6b2ae3d270f8bKolkata is a tool for IDS evading web application fingerprinting. It is written in perl and uses LibWhisker.
51799f93b27c4bf9963d9bb0be06a9c97f9292d2a95f88350b3c19c6dc197876360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
c02190292f3a147e906e373d6d388b12281fc71677eedb7324d27c178ff23901360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
7951e7cbd5d3ef81b6a7dcaed9ec4c95331f77b7aa03178ca7a582058593986eSecunia Security Advisory - A security issue has been reported in the Config::IniFiles module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
1c61cccf748717098d33b1f24e3c2d82a1e851d1cf4b11cde6453361decfdad7Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
a891c0b900417f2980f0e9afcdb10d1fd5581703be2587a92c90c7631b8814dc360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
e2922b592136828485ef5f371fa2e685ec057099245c46322cd9573c14dde2a4Gentoo Linux Security Advisory 201204-8 - Two format string vulnerabilities have been found in the Perl DBD-Pg module, allowing a remote PostgreSQL servers to execute arbitrary code. Versions less than 2.19.0 are affected.
bce5c31bb6b3eebc314508e6cb57e1a6a149a177ea49029bb3e039ea69959c01Red Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
18abb32cf9211542fd5a4c9fa789e88cd4d5530dd19accafd5056d840cd3a798Red Hat Security Advisory 2012-0466-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
ac3d0a5cf4ad166161f6d299cf8b70631e442e80e31a75c43f97926eb4e060f3Red Hat Security Advisory 2012-0465-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
5a04569b6919bd0a20fe7431a7493f6484a21e57dfa7115a5e0ef655365f0b8dSecunia Security Advisory - SUSE has issued an update for perl-DBD-Pg. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the module.
a432e3e6818617d9a8506dd5a740f84536ccdee90abf0726c24f7398f23eccc0360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
fe044230036d848ad6720383afa9e61319b0004de5ccf5aedc1b26ee3e6ced82360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
e40867ec2b07662d86f8ccbf48ffce4f61c258d21758a358af57368530200887360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
42173590795645e2f9e4219d77b6699b9a6ca4563946c65ff2773b7d9c831693360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
88fc63ec0972b2501852fc4f0e3308b885982bd391d185e2e5897765d93e3d45
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed