 |
with SecurityTracker! | |
|
|
with SecurityTracker! | |
| Home | View Topics | Search | |
|
|
| Category: Application (Generic) > Perl | Vendors: Wall, Larry |
|
(IBM Issues Fix) Perl Regex Processing Bug May Let Users Execute Arbitrary Code
| ||
| SecurityTracker Alert ID: 1019113 | ||
| SecurityTracker URL: https://securitytracker.com/id/1019113 | ||
| CVE Reference: CVE-2007-5116 (Links to External Site) | ||
|
Date: Dec 18 2007
| ||
|
Impact:
Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network | ||
|
Fix Available: Yes Vendor Confirmed: Yes | ||
|
Version(s): 5.8 | ||
|
Description:
A vulnerability was reported in Perl. A local or remote user can execute arbitrary code on the target system. A remote or local user may be able to supply a specially crafted regular expression to execute arbitrary code on the target system. Tavis Ormandy and Will Drewry reported this vulnerability. | ||
|
Impact:
A local or remote user can execute arbitrary code on the target system. | ||
|
Solution:
IBM has issued interim fixes, available at: ftp://aix.software.ibm.com/aix/efixes/security/perl_ifix.tar IBM plans to issue the following APARS: 5.2: IZ10220 5.3 through TL06: IZ10244 5.3 TL07: IZ10244 6.1: IZ10244 The IBM advisories are available at: http://www.ibm.com/support/docview.wss?uid=isg1IZ10220 http://www.ibm.com/support/docview.wss?uid=isg1IZ10244 | ||
|
Cause:
Input validation error | ||
| Underlying OS: UNIX (AIX) | ||
| Underlying OS Comments: 5.2, 5.3, 6.1 | ||
|
| ||
Message History:
This archive entry is a follow-up to the message listed below.
| ||
Source Message Contents | ||
| ||