Red Hat update for perl



Published: 2018-04-23
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-6797
CVE-2018-6798
CWE-ID CWE-122
CWE-119
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU11833

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-6797

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in S_regatom() in 'regcomp.c' due to heap-based buffer overflow. A local attacker can exploit a specially crafted regular expression, trigger memory corruption and cause the service to crash or run Perl code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1192

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Heap-based buffer over-read

EUVDB-ID: #VU11834

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-6798

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information or execute arbitrary code on the target system.

The weakness exists due to heap-based buffer over-read. A local attacker can exploit a specially crafted locale dependent regular expression, trigger memory corruption and gain access to potentially sensitive information or run Perl code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for x86_64: 6 - 7.4


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2018:1192

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###