CVE-2011-1487

Sažetak

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://openwall.com/lists/oss-security/2011/04/01/3
http://openwall.com/lists/oss-security/2011/04/04/35
http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
http://secunia.com/advisories/43921
http://secunia.com/advisories/44168
http://www.debian.org/security/2011/dsa-2265
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
http://www.securityfocus.com/bid/47124
https://bugzilla.redhat.com/show_bug.cgi?id=692844
https://bugzilla.redhat.com/show_bug.cgi?id=692898
https://exchange.xforce.ibmcloud.com/vulnerabilities/66528

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:34

Objavljeno

11-04-2011 - 18:55