CVE-2011-0761

Priority
Low
Description
Perl 5.10.x allows context-dependent attackers to cause a denial of service
(NULL pointer dereference and application crash) by leveraging an ability
to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4)
getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
References
Bugs
Notes
 sbeattie> toucan systems advisory has PoC
 sarnold> ignoring this CVE: flaw requires extremely poorly written software
  to exploit the problem (allow input to modify the number of arguments
  to fundamental functions), crashes do not appear to be under argument
  control. Upstream Perl team does not consider it a security-relevant
  problem and thus have not prepared any patches.
Package
Source: perl (LP Ubuntu Debian)
Upstream:released (5.12.4-4)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (5.12.4-4)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:39:24 UTC (commit 9756)