CVE-2011-0761
Priority
Low
Description
Perl 5.10.x allows context-dependent attackers to cause a denial of service
(NULL pointer dereference and application crash) by leveraging an ability
to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4)
getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
(NULL pointer dereference and application crash) by leveraging an ability
to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4)
getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
References
Notes
sbeattie> toucan systems advisory has PoC
sarnold> ignoring this CVE: flaw requires extremely poorly written software
to exploit the problem (allow input to modify the number of arguments
to fundamental functions), crashes do not appear to be under argument
control. Upstream Perl team does not consider it a security-relevant
problem and thus have not prepared any patches.
sarnold> ignoring this CVE: flaw requires extremely poorly written software
to exploit the problem (allow input to modify the number of arguments
to fundamental functions), crashes do not appear to be under argument
control. Upstream Perl team does not consider it a security-relevant
problem and thus have not prepared any patches.
Package
| Upstream: | released (5.12.4-4) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored |
| Ubuntu 10.04 LTS (Lucid Lynx): | ignored |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (5.12.4-4) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (5.12.4-4) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (5.12.4-4) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (5.12.4-4) |