CVE Reference: CVE-2005-3962
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-3962

Description:
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntulinux.org/support/documentation/usn/usn-222-1

TRUSTIX
  http://www.trustix.org/errata/2005/0070

SUSE
  http://www.novell.com/linux/security/advisories/2005_29_sr.html
  http://www.novell.com/linux/security/advisories/2005_71_perl.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1

SGI

SAID
  Secunia Advisory: SA17844
  Secunia Advisory: SA17762
  Secunia Advisory: SA17802
  Secunia Advisory: SA17941
  Secunia Advisory: SA17952
  Secunia Advisory: SA18183
  Secunia Advisory: SA18187
  Secunia Advisory: SA18075
  Secunia Advisory: SA18295
  Secunia Advisory: SA18517
  Secunia Advisory: SA17993
  Secunia Advisory: SA19041
  Secunia Advisory: SA18413
  Secunia Advisory: SA20894
  Secunia Advisory: SA23155
  Secunia Advisory: SA31208

REDHAT
  http://www.redhat.com/support/errata/RHSA-2005-881.html
  http://www.redhat.com/support/errata/RHSA-2005-880.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1074

OSVDB
  22255
  21345

OPENPKG
  http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html

OPENBSD
  http://www.openbsd.org/errata37.html#perl

MISC
  http://www.dyadsecurity.com/perl-0002.html

MANDRAKE
  http://www.mandriva.com/security/advisories?name=MDKSA-2005:225

HP
  http://www.securityfocus.com/archive/1/archive/1/438726/100/0/threaded

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml

FULLDISC
  http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2

FEDORA

DEBIAN
  http://www.debian.org/security/2006/dsa-943

CONFIRM
  http://www.ipcop.org/index.php?name=News&file=article&sid=41
  http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
  http://docs.info.apple.com/article.html?artnum=304829

CONECTIVA
  http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056

CERT-VN
  948385

CERT
  http://www.us-cert.gov/cas/techalerts/TA06-333A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/418333/100/0/threaded

BID
  15629

APPLE
  http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html

