Main Vulnerability Database SB2011051303

SB2011051303 - Input validation error in Perl

Published: May 13, 2011 Updated: August 11, 2020

Security Bulletin ID SB2011051303

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2011-0761)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

Remediation

Install update from vendor's website.

References

http://securityreason.com/securityalert/8248
http://securitytracker.com/id?1025507
http://www.securityfocus.com/archive/1/517916/100/0/threaded
http://www.securityfocus.com/bid/47766
http://www.toucan-system.com/advisories/tssa-2011-03.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/67355