SB2011051303 - Input validation error in Perl

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2011-0761)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

Remediation

Install update from vendor's website.

References

• http://securityreason.com/securityalert/8248
• http://securitytracker.com/id?1025507
• http://www.securityfocus.com/archive/1/517916/100/0/threaded
• http://www.securityfocus.com/bid/47766
• http://www.toucan-system.com/advisories/tssa-2011-03.txt
• https://exchange.xforce.ibmcloud.com/vulnerabilities/67355