CVE-2011-0761

Priority
Low
Description
Perl 5.10.x allows context-dependent attackers to cause a denial of service
(NULL pointer dereference and application crash) by leveraging an ability
to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4)
getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
References
Bugs
Notes
sbeattie> toucan systems advisory has PoC
sarnold> ignoring this CVE: flaw requires extremely poorly written software
to exploit the problem (allow input to modify the number of arguments
to fundamental functions), crashes do not appear to be under argument
control. Upstream Perl team does not consider it a security-relevant
problem and thus have not prepared any patches.
Package
Source: perl (LP Ubuntu Debian)
Upstream:released (5.12.4-4)
Ubuntu 8.04 LTS (Hardy Heron):ignored
Ubuntu 10.04 LTS (Lucid Lynx):ignored
Ubuntu 11.10 (Oneiric Ocelot):not-affected (5.12.4-4)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (5.12.4-4)
Ubuntu 12.10 (Quantal Quetzal):not-affected (5.12.4-4)
Ubuntu 13.04 (Raring Ringtail):not-affected (5.12.4-4)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-11-14 01:17:17 UTC (commit 6040)