SecurityTracker.com

Category:   Application (Generic)  >   Perl
Vendors:   Wall, Larry
(HP Issues Fix for Tru64 UNIX) Perl Regex Processing Bug May Let Users Execute Arbitrary Code
SecurityTracker Alert ID:  1019456
SecurityTracker URL:  https://securitytracker.com/id/1019456
CVE Reference:   CVE-2007-5116
Date:  Feb 20 2008
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.8
Description:   A vulnerability was reported in Perl. A local or remote user can execute arbitrary code on the target system.

A remote or local user may be able to supply a specially crafted regular expression to execute arbitrary code on the target system.

Tavis Ormandy and Will Drewry reported this vulnerability.

Impact:   A local or remote user can execute arbitrary code on the target system.
Solution:   HP has released the following Early Release Patch kits.

HP Tru64 UNIX Version v5.1B-4
PREREQUISITE: HP Tru64 UNIX v5.1B-4 PK6 (BL27)
Name: perl_V51BB27-ES-20080207
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=perl_V51BB27-ES-20080207

HP Tru64 UNIX Version v5.1B-3
PREREQUISITE: HP Tru64 UNIX v5.1B-3 PK5 (BL26)
Name: perl_V51BB26-ES-20080204
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001399-V51BB26-ES-20071207

Internet Express (IX) for HP Tru64 UNIX v 6.7
PREREQUISITE: HP Tru64 UNIX v5.1B-3 PK5 (BL26) or HP Tru64 UNIX v5.1B-3 PK5 (BL26)
NOTE: Use the Perl patch kit appropriate to the operating system version

The HP advisory is available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01362465

Vendor URL:  h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01362465
Cause:   Input validation error
Underlying OS:  UNIX (Tru64)
Underlying OS Comments:  5.1B-3, 5.1B-4

Message History:   This archive entry is a follow-up to the message listed below.
Nov 6 2007 Perl Regex Processing Bug May Let Users Execute Arbitrary Code



 Source Message Contents

Subject:  [security bulletin] HPSBTU02311 SSRT080001 rev.1 - HP Tru64 UNIX running Perl, Remote Execution of Arbitrary Code


[Original Message Not Available for Viewing]




Content previously copyright SecurityGlobal.net LLC placed in the public domain on December 31, 2019.