| VuXML ID | Description |
|---|
| 68c1f75b-8824-11e2-9996-c48508086173 | perl -- denial of service via algorithmic complexity attack on hashing routines
Perl developers report:
In order to prevent an algorithmic complexity attack
against its hashing mechanism, perl will sometimes
recalculate keys and redistribute the contents of a hash.
This mechanism has made perl robust against attacks that
have been demonstrated against other systems.
Research by Yves Orton has recently uncovered a flaw in
the rehashing code which can result in pathological
behavior. This flaw could be exploited to carry out a
denial of service attack against code that uses arbitrary
user input as hash keys.
Because using user-provided strings as hash keys is a
very common operation, we urge users of perl to update their
perl executable as soon as possible.
Discovery 2013-03-04
Entry 2013-03-10
perl
lt 5.12.4_5
ge 5.14.0 lt 5.14.2_3
ge 5.16.0 lt 5.16.2_1
perl-threaded
lt 5.12.4_5
ge 5.14.0 lt 5.14.2_3
ge 5.16.0 lt 5.16.2_1
CVE-2013-1667
http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
|
| 5b47c279-8cb5-11dc-8878-0016179b2dd5 | perl -- regular expressions unicode data buffer overflow
Red Hat reports:
A flaw was found in Perl's regular expression engine. Specially
crafted input to a regular expression can cause Perl to improperly
allocate memory, possibly resulting in arbitrary code running with
the permissions of the user running Perl.
Discovery 2007-11-05
Entry 2007-11-06
Modified 2007-11-07
perl
perl-threaded
gt 5.8.* lt 5.8.8_1
CVE-2007-5116
http://secunia.com/advisories/27546/
|
| 4a99d61c-f23a-11dd-9f55-0030843d3802 | perl -- Directory Permissions Race Condition
Secunia reports:
Paul Szabo has reported a vulnerability in Perl File::Path::rmtree,
which potentially can be exploited by malicious, local users to
gain escalated privileges.
The vulnerability is caused due to a race condition in the way
File::Path::rmtree handles directory permissions when cleaning up
directories. This can be exploited by replacing an existing sub
directory in the directory tree with a symbolic link to an arbitrary
file.
Successful exploitation may allow changing permissions of arbitrary
files, if root uses an application using the vulnerable code to delete
files in a directory having a world-writable sub directory.
Discovery 2005-03-09
Entry 2009-02-03
perl
ge 5.8.0 lt 5.8.9
CVE-2005-0448
http://www.ubuntulinux.org/usn/usn-94-1
http://secunia.com/advisories/14531/
|
| 4a99d61c-f23a-11dd-9f55-0030843d3802 | perl -- Directory Permissions Race Condition
Secunia reports:
Paul Szabo has reported a vulnerability in Perl File::Path::rmtree,
which potentially can be exploited by malicious, local users to
gain escalated privileges.
The vulnerability is caused due to a race condition in the way
File::Path::rmtree handles directory permissions when cleaning up
directories. This can be exploited by replacing an existing sub
directory in the directory tree with a symbolic link to an arbitrary
file.
Successful exploitation may allow changing permissions of arbitrary
files, if root uses an application using the vulnerable code to delete
files in a directory having a world-writable sub directory.
Discovery 2005-03-09
Entry 2009-02-03
perl
ge 5.8.0 lt 5.8.9
CVE-2005-0448
http://www.ubuntulinux.org/usn/usn-94-1
http://secunia.com/advisories/14531/
|
| 5b47c279-8cb5-11dc-8878-0016179b2dd5 | perl -- regular expressions unicode data buffer overflow
Red Hat reports:
A flaw was found in Perl's regular expression engine. Specially
crafted input to a regular expression can cause Perl to improperly
allocate memory, possibly resulting in arbitrary code running with
the permissions of the user running Perl.
Discovery 2007-11-05
Entry 2007-11-06
Modified 2007-11-07
perl
perl-threaded
gt 5.8.* lt 5.8.8_1
CVE-2007-5116
http://secunia.com/advisories/27546/
|