CVE-2011-3597

Published: 13/01/2012 Updated: 19/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Eval injection vulnerability in the Digest module prior to 1.17 for Perl allows context-dependent malicious users to execute arbitrary commands via the new constructor.

Vulnerable Product

gisle aas digest 1.15

gisle aas digest 1.14

gisle aas digest 1.07

gisle aas digest 1.06

gisle aas digest 1.16

gisle aas digest 1.09

gisle aas digest 1.08

gisle aas digest 1.00

gisle aas digest 1.11

gisle aas digest 1.10

gisle aas digest 1.03

gisle aas digest 1.02

gisle aas digest 1.01

gisle aas digest 1.13

gisle aas digest 1.12

gisle aas digest 1.05

gisle aas digest 1.04

Vendor Advisories

Synopsis: Moderate: perl security update. Type/Severity: Security Advisory: Moderate. Topic: Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerabili ...
Perl programs could be made to crash or run programs if they receive specially crafted network traffic or other input ...
Debian Bug report logs - #644108: unsafe use of eval in Digest->new(). Package: perl; Maintainer for perl is Niko Tyni <ntyni@debian.org>; Source for perl is src:perl (PTS, buildd, popcon). Reported by: Ansgar Burchardt <ansgar@debian.org>. Date: Sun, 2 Oct 2011 21:48:01 UTC. Severity: important. Tags: security, upstr ...
Debian Bug report logs - #637376: perl: [CVE-2011-2939] Encode security: Unicode.xs!decode_xs n-byte heap-overflow. Package: perl; Maintainer for perl is Niko Tyni <ntyni@debian.org>; Source for perl is src:perl (PTS, buildd, popcon). Reported by: Dominic Hargreaves <dom@earth.li>. Date: Wed, 10 Aug 2011 17:57:02 UTC. Se ...
A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program (CVE-2011-2939). It was found that the "new" cons ...

Exploits

source: www.securityfocus.com/bid/49911/info. The Digest module for Perl is prone to a vulnerability that will let attackers inject and execute arbitrary Perl code. Remote attackers can exploit this issue to run arbitrary code in the context of the affected application. Digest versions prior to 1.17 are affected. Digest->new("::MD5lpr ...