Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Fedora Security Update Fixes Perl Integer Overflow Vulnerability

Title : Fedora Security Update Fixes Perl Integer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2005-2694
CVE ID : CVE-2005-3962
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-02

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format  Receive VUPEN Security notifications by SMS 

Fedora has released updated packages to address a vulnerability identified in Perl. This flaw is due to an integer overflow error in the "Perl_sv_vcatpvfn()" [sv.c] function that does not properly handle format string specifiers with large values, which could be exploited by attackers, in conjunction with format string vulnerabilities present in Perl applications, to crash an affected application and possibly execute arbitrary code. For additional information, see : VUPEN/ADV-2005-2688

Affected Products

Fedora Core 4
Fedora Core 3

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

aa078272889a851aeaf38ff508f89872 SRPMS/perl-5.8.6-18.src.rpm
7e93837ef07b54f5c7c6e7d8b0b20ceb ppc/perl-5.8.6-18.ppc.rpm
0cfeefee1aa0d3c855d6b30fb4760d85 ppc/perl-suidperl-5.8.6-18.ppc.rpm
86f0ba709fdca4f3e8751e13f7612fdb ppc/debug/perl-debuginfo-5.8.6-18.ppc.rpm
6c984a1b3fd930daf5f2662aec10591f x86_64/perl-5.8.6-18.x86_64.rpm
668ff28c97874e5624f87ee1a54f9e21 x86_64/perl-suidperl-5.8.6-18.x86_64.rpm
fd9bc2eb001abfddbaa0c7880909e065 x86_64/debug/perl-debuginfo-5.8.6-18.x86_64.rpm
896fedda91d64cdd2fcd52590b856eee i386/perl-5.8.6-18.i386.rpm
2e1d33e6d271418977a573e3e511e88b i386/perl-suidperl-5.8.6-18.i386.rpm
f615e50d08621f2986a8994416e1d36e i386/debug/perl-debuginfo-5.8.6-18.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

2ebe04eeb426388b213977c552e6a004 SRPMS/perl-5.8.5-18.FC3.src.rpm
bb9e5f6a8e05992e4c74e532841cf686 x86_64/perl-5.8.5-18.FC3.x86_64.rpm
2d70d5e1b85d8d6f0a11cd2ef4a6b3cd x86_64/perl-suidperl-5.8.5-18.FC3.x86_64.rpm
d4904e4d622040a34d905c7bfa4a0a03 x86_64/debug/perl-debuginfo-5.8.5-18.FC3.x86_64.rpm
946544c3a8d689c3521719a2205d1aea i386/perl-5.8.5-18.FC3.i386.rpm
0dd03d80622fdbac49b53a0b76a6cf45 i386/perl-suidperl-5.8.5-18.FC3.i386.rpm
aa479beda71d9c015e283b769e4465a7 i386/debug/perl-debuginfo-5.8.5-18.FC3.i386.rpm

References

http://www.vupen.com/english/advisories/2005/2694
http://www.frsirt.com/english/reference/1722
http://www.frsirt.com/english/reference/1761

ChangeLog

2005-12-02 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7


  >> 2009-05-12

     

  Microsoft Patched 14
  Office PowerPoint Flaws

 

  >> 2009-04-28

     

  Adobe Reader / Acrobat
  Vulnerabilities Disclosed

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy