
>> Mandriva Security Update Fixes Perl Integer Overflow Vulnerability

Title : Mandriva Security Update Fixes Perl Integer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2005-2816
CVE ID : CVE-2005-3962
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-09


Technical Description

Mandriva has released updated packages to address a vulnerability identified in Perl. The flaw is an integer overflow in the "Perl_sv_vcatpvfn()" function [sv.c], which does not properly handle format string specifiers with large values. Attackers could exploit it, in conjunction with format string vulnerabilities present in Perl applications, to crash an affected application and possibly execute arbitrary code.

For additional information, see: VUPEN/ADV-2005-2688
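Added illustration, not code from Perl's sv.c or from this advisory: the C sketch below shows the general error class named above, a numeric field of a format specifier parsed without a range check, beside a checked parser. The function names, the 4096 limit and the sample inputs are assumptions made for the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked: digits accumulate modulo 2^32 and the result is narrowed to int
 * (wraps on gcc/clang), so a large field becomes a small or negative number. */
static int field_unchecked(const char *s)
{
    uint32_t v = 0;                       /* unsigned: wraparound is defined */
    while (*s >= '0' && *s <= '9')
        v = v * 10u + (uint32_t)(*s++ - '0');
    return (int)(int32_t)v;
}

/* Checked: returns 0 and stores the value, or -1 if there are no digits
 * or the value would exceed max. The test runs before the multiply. */
static int field_checked(const char *s, int max, int *out)
{
    int v = 0;
    if (*s < '0' || *s > '9')
        return -1;
    for (; *s >= '0' && *s <= '9'; s++) {
        int d = *s - '0';
        if (d > max || v > (max - d) / 10)
            return -1;                    /* v * 10 + d would exceed max */
        v = v * 10 + d;
    }
    *out = v;
    return 0;
}

/* Upper-bound-only test, as written by a caller that assumes the parsed
 * field can never be negative (hypothetical helper). */
static int upper_bound_only(int idx, int limit) { return idx <= limit; }

int main(void)
{
    /* Constructed inputs: the numeric part of a format specifier. */
    const char *samples[] = { "12", "2147483648", "4294967295", "4294967306" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int safe = 0;
        int rc = field_checked(samples[i], 4096, &safe);
        int raw = field_unchecked(samples[i]);
        printf("%-11s unchecked=%d passes_bound=%d checked=%s\n", samples[i],
               raw, upper_bound_only(raw, 4096), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

The unchecked values for the three large inputs all pass the upper-bound-only test even though the text of the field is far above the limit; the checked parser rejects them before any arithmetic can wrap.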

Affected Products

Mandriva Linux 10.1
Mandriva Linux 10.2
Mandriva Linux 2006.0
Corporate Server 2.1
Corporate 3.0
Multi Network Firewall 2.0

Solution

Upgrade the affected packages :

Mandriva Linux 10.1:
fd77af9b7802f41c22d4902b456fdb32 10.1/RPMS/perl-5.8.5-3.5.101mdk.i586.rpm
49c6b964236039da921a3a0a08105316 10.1/RPMS/perl-base-5.8.5-3.5.101mdk.i586.rpm
01ad564838030c9992ea70b8fa2261c5 10.1/RPMS/perl-devel-5.8.5-3.5.101mdk.i586.rpm
3ff0b066b2b67c9d6f0d6d5d757ed67e 10.1/RPMS/perl-doc-5.8.5-3.5.101mdk.i586.rpm
1e6de184d2c018701d5bc93c60610789 10.1/SRPMS/perl-5.8.5-3.5.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
4fef93b585d891e863588f99c0ddd18d x86_64/10.1/RPMS/perl-5.8.5-3.5.101mdk.x86_64.rpm
9b31454c7a74aa9cab7219ca627100e0 x86_64/10.1/RPMS/perl-base-5.8.5-3.5.101mdk.x86_64.rpm
1b7708eb96804787524bf34bded09edf x86_64/10.1/RPMS/perl-devel-5.8.5-3.5.101mdk.x86_64.rpm
cd197160854346c39854f060a9a18d5c x86_64/10.1/RPMS/perl-doc-5.8.5-3.5.101mdk.x86_64.rpm
1e6de184d2c018701d5bc93c60610789 x86_64/10.1/SRPMS/perl-5.8.5-3.5.101mdk.src.rpm

Mandriva Linux 10.2:
32b1b7a39b8e0781df41e57188fe5c97 10.2/RPMS/perl-5.8.6-6.2.102mdk.i586.rpm
05ae3f918377371783c491027b081e92 10.2/RPMS/perl-base-5.8.6-6.2.102mdk.i586.rpm
2c5b07488636b42b1b15f40b220fd1fd 10.2/RPMS/perl-devel-5.8.6-6.2.102mdk.i586.rpm
c116213d8e3e30407ba994b281d03f52 10.2/RPMS/perl-doc-5.8.6-6.2.102mdk.i586.rpm
54c3f67fd42027442a0f589f2ad9dcec 10.2/SRPMS/perl-5.8.6-6.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
e0890eb10b116c824c3f9a173097c60e x86_64/10.2/RPMS/perl-5.8.6-6.2.102mdk.x86_64.rpm
75aa18ee9d21d40a639baaee28b238f4 x86_64/10.2/RPMS/perl-base-5.8.6-6.2.102mdk.x86_64.rpm
1dc42978eb832156c82042ece5c616d9 x86_64/10.2/RPMS/perl-devel-5.8.6-6.2.102mdk.x86_64.rpm
c4b0b1c2f41d8ab442202136572ec553 x86_64/10.2/RPMS/perl-doc-5.8.6-6.2.102mdk.x86_64.rpm
54c3f67fd42027442a0f589f2ad9dcec x86_64/10.2/SRPMS/perl-5.8.6-6.2.102mdk.src.rpm

Mandriva Linux 2006.0:
6333d4baa23e9bc27340ab30d6f6f9fd 2006.0/RPMS/perl-5.8.7-3.2.20060mdk.i586.rpm
d91a62f81461a51dfffa6dd8e15b6ab4 2006.0/RPMS/perl-base-5.8.7-3.2.20060mdk.i586.rpm
7d8ec79ab483544765c236c3b7e1ba0f 2006.0/RPMS/perl-devel-5.8.7-3.2.20060mdk.i586.rpm
af9b52f68ce3eaf066a21694924a3f22 2006.0/RPMS/perl-doc-5.8.7-3.2.20060mdk.i586.rpm
ff8a844680f7df737431fb9c82c5f50d 2006.0/RPMS/perl-suid-5.8.7-3.2.20060mdk.i586.rpm
acde621a5890ff325a1ad8ffe83dc1ca 2006.0/SRPMS/perl-5.8.7-3.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c1fc32b114cd8b2b0af431208da6beaf x86_64/2006.0/RPMS/perl-5.8.7-3.2.20060mdk.x86_64.rpm
ebf3e1e5460c9362e3a0fc77dcbddad5 x86_64/2006.0/RPMS/perl-base-5.8.7-3.2.20060mdk.x86_64.rpm
ced9d56a6b9ae7196397f9d7b8e1e41f x86_64/2006.0/RPMS/perl-devel-5.8.7-3.2.20060mdk.x86_64.rpm
896727d0819ed6161229f4c8722a67fc x86_64/2006.0/RPMS/perl-doc-5.8.7-3.2.20060mdk.x86_64.rpm
241e526b1892577f35663073adcc4a97 x86_64/2006.0/RPMS/perl-suid-5.8.7-3.2.20060mdk.x86_64.rpm
acde621a5890ff325a1ad8ffe83dc1ca x86_64/2006.0/SRPMS/perl-5.8.7-3.2.20060mdk.src.rpm

Corporate Server 2.1:
d20049231eead3d45b0b9281e1decb4c corporate/2.1/RPMS/perl-5.8.0-14.6.C21mdk.i586.rpm
5da0de8e1beeba847d3576a7a06a496e corporate/2.1/RPMS/perl-base-5.8.0-14.6.C21mdk.i586.rpm
09a1f64c8b71c473bc0779720defa812 corporate/2.1/RPMS/perl-devel-5.8.0-14.6.C21mdk.i586.rpm
512a995b03bc5e0c1d2dd22c7b326510 corporate/2.1/RPMS/perl-doc-5.8.0-14.6.C21mdk.i586.rpm
1b6f22e9b27bf9dc6e029b129c64f17d corporate/2.1/SRPMS/perl-5.8.0-14.6.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
5d2d2f4908b9c6e8f51d6bb8d961eebe x86_64/corporate/2.1/RPMS/perl-5.8.0-14.6.C21mdk.x86_64.rpm
5b72479d3df3ae87fa4edf2a105e748d x86_64/corporate/2.1/RPMS/perl-base-5.8.0-14.6.C21mdk.x86_64.rpm
3559e60ed31815f3902b75df42afc3d7 x86_64/corporate/2.1/RPMS/perl-devel-5.8.0-14.6.C21mdk.x86_64.rpm
00a8c82a911814a113ae2eaf6915d47b x86_64/corporate/2.1/RPMS/perl-doc-5.8.0-14.6.C21mdk.x86_64.rpm
1b6f22e9b27bf9dc6e029b129c64f17d x86_64/corporate/2.1/SRPMS/perl-5.8.0-14.6.C21mdk.src.rpm

Corporate 3.0:
7b1917b673681d9de4e4737af0b121c8 corporate/3.0/RPMS/perl-5.8.3-5.5.C30mdk.i586.rpm
2ddb28f87a9ab94bfda90fc476da3805 corporate/3.0/RPMS/perl-base-5.8.3-5.5.C30mdk.i586.rpm
c939615d266f5fa4ed1755ce31915dde corporate/3.0/RPMS/perl-devel-5.8.3-5.5.C30mdk.i586.rpm
ca449fac6c286d5bbd0c3bd137316e98 corporate/3.0/RPMS/perl-doc-5.8.3-5.5.C30mdk.i586.rpm
d3a7de2cfc352459b85cdc261b57d1e6 corporate/3.0/SRPMS/perl-5.8.3-5.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
4578c3ad7a7c4fd87086ac571478ae1b x86_64/corporate/3.0/RPMS/perl-5.8.3-5.5.C30mdk.x86_64.rpm
bbe873bc27e07d05c7d4846edd34acec x86_64/corporate/3.0/RPMS/perl-base-5.8.3-5.5.C30mdk.x86_64.rpm
833889de8df484c212c69a1e658f5ffe x86_64/corporate/3.0/RPMS/perl-devel-5.8.3-5.5.C30mdk.x86_64.rpm
c9dbf8d3ca9715e33bbc664efc2dca24 x86_64/corporate/3.0/RPMS/perl-doc-5.8.3-5.5.C30mdk.x86_64.rpm
d3a7de2cfc352459b85cdc261b57d1e6 x86_64/corporate/3.0/SRPMS/perl-5.8.3-5.5.C30mdk.src.rpm

Multi Network Firewall 2.0:
0f29d338645e61084cf87953c331c87e mnf/2.0/RPMS/perl-5.8.3-5.5.M20mdk.i586.rpm
fee6e3863a13cd043b29ae0fcd053221 mnf/2.0/RPMS/perl-base-5.8.3-5.5.M20mdk.i586.rpm
be47c56a9ae307c338031dcb5194e491 mnf/2.0/RPMS/perl-devel-5.8.3-5.5.M20mdk.i586.rpm
d0c6075c99103eb8b3bea0a38d1c9cdf mnf/2.0/RPMS/perl-doc-5.8.3-5.5.M20mdk.i586.rpm
8ce4eff23c4dd50c5bbaef75b69c5482 mnf/2.0/SRPMS/perl-5.8.3-5.5.M20mdk.src.rpm

References

http://www.vupen.com/english/advisories/2005/2816
http://www.frsirt.com/english/reference/2163

ChangeLog

2005-12-09 : Initial release
