The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of PERL: integer overflow with a format string

Synthesis of the vulnerability 

An integer overflow occurs in the PERL interpreter when a malicious format string is used.
Vulnerable products: Debian, Fedora, Tru64 UNIX, Mandriva Linux, Mandriva NF, NLD, OpenBSD, openSUSE, Solaris, Perl Core, RHEL, RedHat Linux, SLES.
Severity of this weakness: 1/4.
Creation date: 01/12/2005.
References of this bulletin: 102192, 20060101-01-U, 6368763, c00686865, CERTA-2005-AVI-486, CVE-2005-3962, DSA-943-1, FEDORA-2005-1113, FEDORA-2005-1116, FEDORA-2005-1144, FEDORA-2005-1145, FLSA:176731, FLSA-2006:176731, HPSBTU02125, MDKSA-2005:225, RHSA-2005:880, RHSA-2005:880-01, RHSA-2005:881, SSRT061105, SUSE-SA:2005:071, SUSE-SR:2005:029, VIGILANCE-VUL-5388, VU#946969, VU#948385.

Description of the vulnerability 

PERL functions of the printf() family support format strings similar to those of the C language. For example:
  printf("hello%40d", 3);
displays:
  hello followed_by_39_spaces 3

The number between '%' and 'd' is the requested field width. However, this width is handled as a signed integer. An attacker can therefore supply a very large value so that only a small memory area is allocated.

This vulnerability then permits code execution. To exploit it, the attacker must inject data into a format string.

The VIGILANCE-VUL-5378 vulnerability can be exploited through this one, because it injects data coming from the login name.
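The two patterns the description contrasts (attacker data reaching printf() as the format versus as an argument), shown as an added Perl example that is not part of the Vigil@nce bulletin or of the Perl project. The login name, the bound MAX_FIELD and the helper format_is_sane are constructed for this illustration; the helper only shows how a program that must accept a format string from a semi-trusted source can refuse oversized width or precision fields before they reach printf()/sprintf().

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a login name carrying a directive with a huge width,
# the kind of value this bulletin warns about.
my $login = 'alice%2147483647d';

# Vulnerable pattern: attacker-controlled data is interpolated into the
# format string, so any '%' directive it contains is interpreted.
sub log_vulnerable {
    my ($name) = @_;
    no warnings;    # silence "Missing argument" so the effect is visible
    return sprintf("login from $name");
}

# Hardened pattern: fixed format string, data only ever passed as argument.
sub log_safe {
    my ($name) = @_;
    return sprintf("login from %s", $name);
}

# Defensive check for code that has to accept a format string from a
# semi-trusted source (e.g. a configuration file). Hypothetical bound.
my $MAX_FIELD = 1024;

sub format_is_sane {
    my ($fmt) = @_;
    # Walk every conversion: optional index$, flags, width, .precision,
    # size modifier, conversion character.
    while ($fmt =~ /%(?:(\d+)\$)?[-+ 0#]*(\*|\d+)?(?:\.(\*|\d+))?(?:ll|[hlqLV])?([%csduoxXeEfgGbBpni])/g) {
        my ($width, $prec) = ($2, $3);
        for my $n ($width, $prec) {
            next unless defined $n;
            return 0 if $n eq '*';      # runtime-supplied width: reject
            return 0 if length($n) > 9 || $n > $MAX_FIELD;
        }
    }
    return 1;
}

# A small benign width shows the directive being interpreted in the
# vulnerable form and passed through literally in the safe form.
print log_vulnerable('bob%5d'), "\n";
print log_safe('bob%5d'), "\n";

# The hostile login name is only ever passed as data.
print log_safe($login), "\n";

# Bound check: an ordinary format passes, the oversized width is refused.
print format_is_sane('%-10s %5.2f') ? "ok\n" : "rejected\n";
print format_is_sane($login)        ? "ok\n" : "rejected\n";
```

The safe form never lets the login name decide how printf() parses its arguments, which is the fix that applies regardless of whether the interpreter itself has been patched; the bound check is a second layer for the rarer case where a format string legitimately comes from outside the program.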

This cybersecurity vulnerability impacts software or systems such as Debian, Fedora, Tru64 UNIX, Mandriva Linux, Mandriva NF, NLD, OpenBSD, openSUSE, Solaris, Perl Core, RHEL, RedHat Linux, SLES.

Our Vigil@nce team determined that the severity of this vulnerability is low.

Trust level: confirmed by the editor. Attack origin: user shell.

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

Debian: new perl packages.
New packages are available:
Debian GNU/Linux 3.1 alias sarge
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum: 567048 8488e40844019795a1179a2b9a74f172
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum: 508818 66f7900d63a2efb0a787e83186613a98
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum: 3237948 5841d065408022fb2fe0e75febc02d9d
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum: 751956 b77e882ed9558a09398c2fba334e5b4a
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum: 3735798 bb034b2e756aa35cd5fa9e01a0485b13
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum: 31696 d2c9b1fbc10e89e7868e16fb4c97700d
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum: 866818 3419fdaff605b7ddd485a205c1dd1661
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum: 1030 c41835cc5573c0e53610e79766b88d11
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum: 4027834 28436948c3dd298ad38b3c46f69f2cb4
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum: 1046750 1a70c30abb13449d00a2b34c17c79f17
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum: 4534216 49cdfeada4c40365e2392a768739d706
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum: 50104 770378e5ac290729b2943d956cad9c57

Fedora Core 3: new perl packages.
New packages are available:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
2ebe04eeb426388b213977c552e6a004 SRPMS/perl-5.8.5-18.FC3.src.rpm
bb9e5f6a8e05992e4c74e532841cf686 x86_64/perl-5.8.5-18.FC3.x86_64.rpm
2d70d5e1b85d8d6f0a11cd2ef4a6b3cd x86_64/perl-suidperl-5.8.5-18.FC3.x86_64.rpm
d4904e4d622040a34d905c7bfa4a0a03 x86_64/debug/perl-debuginfo-5.8.5-18.FC3.x86_64.rpm
946544c3a8d689c3521719a2205d1aea i386/perl-5.8.5-18.FC3.i386.rpm
0dd03d80622fdbac49b53a0b76a6cf45 i386/perl-suidperl-5.8.5-18.FC3.i386.rpm
aa479beda71d9c015e283b769e4465a7 i386/debug/perl-debuginfo-5.8.5-18.FC3.i386.rpm

Fedora Core 4: new perl packages.
New packages are available:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
aa078272889a851aeaf38ff508f89872 SRPMS/perl-5.8.6-18.src.rpm
7e93837ef07b54f5c7c6e7d8b0b20ceb ppc/perl-5.8.6-18.ppc.rpm
0cfeefee1aa0d3c855d6b30fb4760d85 ppc/perl-suidperl-5.8.6-18.ppc.rpm
86f0ba709fdca4f3e8751e13f7612fdb ppc/debug/perl-debuginfo-5.8.6-18.ppc.rpm
6c984a1b3fd930daf5f2662aec10591f x86_64/perl-5.8.6-18.x86_64.rpm
668ff28c97874e5624f87ee1a54f9e21 x86_64/perl-suidperl-5.8.6-18.x86_64.rpm
fd9bc2eb001abfddbaa0c7880909e065 x86_64/debug/perl-debuginfo-5.8.6-18.x86_64.rpm
896fedda91d64cdd2fcd52590b856eee i386/perl-5.8.6-18.i386.rpm
2e1d33e6d271418977a573e3e511e88b i386/perl-suidperl-5.8.6-18.i386.rpm
f615e50d08621f2986a8994416e1d36e i386/debug/perl-debuginfo-5.8.6-18.i386.rpm

Fedora: new perl packages.
New packages are available:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
a7e2fe1ff4bab8c156872419c2a50f81 SRPMS/perl-5.8.5-22.FC3.src.rpm
6598fa75ba5eaa3801fdfe95f2b752f9 x86_64/perl-5.8.5-22.FC3.x86_64.rpm
feed555aa60c86f50684cc2cbd560e85 x86_64/perl-suidperl-5.8.5-22.FC3.x86_64.rpm
66710a6478deb5007bd9e820ce37f838 x86_64/debug/perl-debuginfo-5.8.5-22.FC3.x86_64.rpm
4adeb9e9cb1d97f7f8ac58bda28df906 i386/perl-5.8.5-22.FC3.i386.rpm
f7ac6cfd6e4af95a440eb642543bbe1e i386/perl-suidperl-5.8.5-22.FC3.i386.rpm
6ff3d018dc179f24519073b019614b43 i386/debug/perl-debuginfo-5.8.5-22.FC3.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
66018e9d9dff5a8609ec6d5b7103b9d6 SRPMS/perl-5.8.6-22.src.rpm
a09a94f2d285132b3b71e5414aa2f379 ppc/perl-5.8.6-22.ppc.rpm
ae4ec1b9ac3f80dd4977cac7e488a3c3 ppc/perl-suidperl-5.8.6-22.ppc.rpm
3f494c22aea1ff69930271b9e53b1dc8 ppc/debug/perl-debuginfo-5.8.6-22.ppc.rpm
7a7461c9f09a1863888de6f85fe2013b x86_64/perl-5.8.6-22.x86_64.rpm
97eb6d680aeecf2fc99ead7eee62d0da x86_64/perl-suidperl-5.8.6-22.x86_64.rpm
79a8ab516cb39f38254ea7b32a45f75c x86_64/debug/perl-debuginfo-5.8.6-22.x86_64.rpm
92652e5ef0b5661e2b91bfa99771fd9c i386/perl-5.8.6-22.i386.rpm
6de0f082d701e5f85d4d553c4ddb84aa i386/perl-suidperl-5.8.6-22.i386.rpm
4134675f84896f885d601811c1656570 i386/debug/perl-debuginfo-5.8.6-22.i386.rpm

Mandriva: new perl packages.
New packages are available:
  Mandriva Linux 10.1:
  fd77af9b7802f41c22d4902b456fdb32 10.1/RPMS/perl-5.8.5-3.5.101mdk.i586.rpm
  49c6b964236039da921a3a0a08105316 10.1/RPMS/perl-base-5.8.5-3.5.101mdk.i586.rpm
  01ad564838030c9992ea70b8fa2261c5 10.1/RPMS/perl-devel-5.8.5-3.5.101mdk.i586.rpm
  3ff0b066b2b67c9d6f0d6d5d757ed67e 10.1/RPMS/perl-doc-5.8.5-3.5.101mdk.i586.rpm
  1e6de184d2c018701d5bc93c60610789 10.1/SRPMS/perl-5.8.5-3.5.101mdk.src.rpm
  
  Mandriva Linux 10.1/X86_64:
  4fef93b585d891e863588f99c0ddd18d x86_64/10.1/RPMS/perl-5.8.5-3.5.101mdk.x86_64.rpm
  9b31454c7a74aa9cab7219ca627100e0 x86_64/10.1/RPMS/perl-base-5.8.5-3.5.101mdk.x86_64.rpm
  1b7708eb96804787524bf34bded09edf x86_64/10.1/RPMS/perl-devel-5.8.5-3.5.101mdk.x86_64.rpm
  cd197160854346c39854f060a9a18d5c x86_64/10.1/RPMS/perl-doc-5.8.5-3.5.101mdk.x86_64.rpm
  1e6de184d2c018701d5bc93c60610789 x86_64/10.1/SRPMS/perl-5.8.5-3.5.101mdk.src.rpm
  
  Mandriva Linux 10.2:
  32b1b7a39b8e0781df41e57188fe5c97 10.2/RPMS/perl-5.8.6-6.2.102mdk.i586.rpm
  05ae3f918377371783c491027b081e92 10.2/RPMS/perl-base-5.8.6-6.2.102mdk.i586.rpm
  2c5b07488636b42b1b15f40b220fd1fd 10.2/RPMS/perl-devel-5.8.6-6.2.102mdk.i586.rpm
  c116213d8e3e30407ba994b281d03f52 10.2/RPMS/perl-doc-5.8.6-6.2.102mdk.i586.rpm
  54c3f67fd42027442a0f589f2ad9dcec 10.2/SRPMS/perl-5.8.6-6.2.102mdk.src.rpm
  
  Mandriva Linux 10.2/X86_64:
  e0890eb10b116c824c3f9a173097c60e x86_64/10.2/RPMS/perl-5.8.6-6.2.102mdk.x86_64.rpm
  75aa18ee9d21d40a639baaee28b238f4 x86_64/10.2/RPMS/perl-base-5.8.6-6.2.102mdk.x86_64.rpm
  1dc42978eb832156c82042ece5c616d9 x86_64/10.2/RPMS/perl-devel-5.8.6-6.2.102mdk.x86_64.rpm
  c4b0b1c2f41d8ab442202136572ec553 x86_64/10.2/RPMS/perl-doc-5.8.6-6.2.102mdk.x86_64.rpm
  54c3f67fd42027442a0f589f2ad9dcec x86_64/10.2/SRPMS/perl-5.8.6-6.2.102mdk.src.rpm
  
  Mandriva Linux 2006.0:
  6333d4baa23e9bc27340ab30d6f6f9fd 2006.0/RPMS/perl-5.8.7-3.2.20060mdk.i586.rpm
  d91a62f81461a51dfffa6dd8e15b6ab4 2006.0/RPMS/perl-base-5.8.7-3.2.20060mdk.i586.rpm
  7d8ec79ab483544765c236c3b7e1ba0f 2006.0/RPMS/perl-devel-5.8.7-3.2.20060mdk.i586.rpm
  af9b52f68ce3eaf066a21694924a3f22 2006.0/RPMS/perl-doc-5.8.7-3.2.20060mdk.i586.rpm
  ff8a844680f7df737431fb9c82c5f50d 2006.0/RPMS/perl-suid-5.8.7-3.2.20060mdk.i586.rpm
  acde621a5890ff325a1ad8ffe83dc1ca 2006.0/SRPMS/perl-5.8.7-3.2.20060mdk.src.rpm
  
  Mandriva Linux 2006.0/X86_64:
  c1fc32b114cd8b2b0af431208da6beaf x86_64/2006.0/RPMS/perl-5.8.7-3.2.20060mdk.x86_64.rpm
  ebf3e1e5460c9362e3a0fc77dcbddad5 x86_64/2006.0/RPMS/perl-base-5.8.7-3.2.20060mdk.x86_64.rpm
  ced9d56a6b9ae7196397f9d7b8e1e41f x86_64/2006.0/RPMS/perl-devel-5.8.7-3.2.20060mdk.x86_64.rpm
  896727d0819ed6161229f4c8722a67fc x86_64/2006.0/RPMS/perl-doc-5.8.7-3.2.20060mdk.x86_64.rpm
  241e526b1892577f35663073adcc4a97 x86_64/2006.0/RPMS/perl-suid-5.8.7-3.2.20060mdk.x86_64.rpm
  acde621a5890ff325a1ad8ffe83dc1ca x86_64/2006.0/SRPMS/perl-5.8.7-3.2.20060mdk.src.rpm
  
  Corporate Server 2.1:
  d20049231eead3d45b0b9281e1decb4c corporate/2.1/RPMS/perl-5.8.0-14.6.C21mdk.i586.rpm
  5da0de8e1beeba847d3576a7a06a496e corporate/2.1/RPMS/perl-base-5.8.0-14.6.C21mdk.i586.rpm
  09a1f64c8b71c473bc0779720defa812 corporate/2.1/RPMS/perl-devel-5.8.0-14.6.C21mdk.i586.rpm
  512a995b03bc5e0c1d2dd22c7b326510 corporate/2.1/RPMS/perl-doc-5.8.0-14.6.C21mdk.i586.rpm
  1b6f22e9b27bf9dc6e029b129c64f17d corporate/2.1/SRPMS/perl-5.8.0-14.6.C21mdk.src.rpm
  
  Corporate Server 2.1/X86_64:
  5d2d2f4908b9c6e8f51d6bb8d961eebe x86_64/corporate/2.1/RPMS/perl-5.8.0-14.6.C21mdk.x86_64.rpm
  5b72479d3df3ae87fa4edf2a105e748d x86_64/corporate/2.1/RPMS/perl-base-5.8.0-14.6.C21mdk.x86_64.rpm
  3559e60ed31815f3902b75df42afc3d7 x86_64/corporate/2.1/RPMS/perl-devel-5.8.0-14.6.C21mdk.x86_64.rpm
  00a8c82a911814a113ae2eaf6915d47b x86_64/corporate/2.1/RPMS/perl-doc-5.8.0-14.6.C21mdk.x86_64.rpm
  1b6f22e9b27bf9dc6e029b129c64f17d x86_64/corporate/2.1/SRPMS/perl-5.8.0-14.6.C21mdk.src.rpm
  
  Corporate 3.0:
  7b1917b673681d9de4e4737af0b121c8 corporate/3.0/RPMS/perl-5.8.3-5.5.C30mdk.i586.rpm
  2ddb28f87a9ab94bfda90fc476da3805 corporate/3.0/RPMS/perl-base-5.8.3-5.5.C30mdk.i586.rpm
  c939615d266f5fa4ed1755ce31915dde corporate/3.0/RPMS/perl-devel-5.8.3-5.5.C30mdk.i586.rpm
  ca449fac6c286d5bbd0c3bd137316e98 corporate/3.0/RPMS/perl-doc-5.8.3-5.5.C30mdk.i586.rpm
  d3a7de2cfc352459b85cdc261b57d1e6 corporate/3.0/SRPMS/perl-5.8.3-5.5.C30mdk.src.rpm
  
  Corporate 3.0/X86_64:
  4578c3ad7a7c4fd87086ac571478ae1b x86_64/corporate/3.0/RPMS/perl-5.8.3-5.5.C30mdk.x86_64.rpm
  bbe873bc27e07d05c7d4846edd34acec x86_64/corporate/3.0/RPMS/perl-base-5.8.3-5.5.C30mdk.x86_64.rpm
  833889de8df484c212c69a1e658f5ffe x86_64/corporate/3.0/RPMS/perl-devel-5.8.3-5.5.C30mdk.x86_64.rpm
  c9dbf8d3ca9715e33bbc664efc2dca24 x86_64/corporate/3.0/RPMS/perl-doc-5.8.3-5.5.C30mdk.x86_64.rpm
  d3a7de2cfc352459b85cdc261b57d1e6 x86_64/corporate/3.0/SRPMS/perl-5.8.3-5.5.C30mdk.src.rpm
  
  Multi Network Firewall 2.0:
  0f29d338645e61084cf87953c331c87e mnf/2.0/RPMS/perl-5.8.3-5.5.M20mdk.i586.rpm
  fee6e3863a13cd043b29ae0fcd053221 mnf/2.0/RPMS/perl-base-5.8.3-5.5.M20mdk.i586.rpm
  be47c56a9ae307c338031dcb5194e491 mnf/2.0/RPMS/perl-devel-5.8.3-5.5.M20mdk.i586.rpm
  d0c6075c99103eb8b3bea0a38d1c9cdf mnf/2.0/RPMS/perl-doc-5.8.3-5.5.M20mdk.i586.rpm
  8ce4eff23c4dd50c5bbaef75b69c5482 mnf/2.0/SRPMS/perl-5.8.3-5.5.M20mdk.src.rpm

OpenBSD: patch for Perl.
A patch is available:
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch

PERL: patch against format string attacks.
A patch is available.

Red Hat Linux, Fedora Core: new perl packages.
New packages are available:
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/perl-5.8.0-90.0.13.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-5.8.0-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-CGI-2.81-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-CPAN-1.61-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-DB_File-1.804-90.0.13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-suidperl-5.8.0-90.0.13.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/perl-5.8.3-17.5.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-5.8.3-17.5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-suidperl-5.8.3-17.5.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/perl-5.8.3-19.5.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-5.8.3-19.5.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-suidperl-5.8.3-19.5.legacy.i386.rpm

RHEL 3: new perl packages.
New packages are available:
Red Hat Enterprise Linux version 3: perl-5.8.0-90.4

RHEL 4: new perl packages.
New packages are available:
Red Hat Enterprise Linux version 4: perl-5.8.5-24.RHEL4

SGI ProPack: new cups, httpd, mod_auth_pgsql, xpdf, netpbm, perl packages.
Patch 10258 corrects this vulnerability.
Individual packages are available:
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Solaris: patch for Perl.
A patch is available:
SPARC
    * Solaris 10 : 119985-02
x86
    * Solaris 10 : 122082-01

SUSE: new packages.
New packages will be available soon with FTP or YaST.

SUSE: new perl packages.
New packages are available:
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/perl-5.8.7-5.3.i586.rpm
         4de87a1baabaca72b1d043f5802b55e8
   
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/perl-5.8.6-5.3.i586.rpm
         bf2673a0102d07e3498ebb608a6bf86a
   
   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/perl-5.8.5-3.5.i586.rpm
         7f3e5f07cdf3e5adcb2bb4a1a70fcd66
   
   SUSE LINUX 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/perl-5.8.3-32.9.i586.rpm
         39e0469e1e258ce2a762f44010eeed44
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/i586/perl-32bit-9.1-200512180858.i586.rpm
         fcb5e777e342dc3cf7e80f25b79d6002
   
   SuSE Linux 9.0:
   ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/perl-5.8.1-133.i586.rpm
         4f689e4779e62911c6707325c04bb8c7
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/i586/perl-32bit-9.0-5.i586.rpm
         3dccbba55f989dac7c1ceaeba1c15aa5

Tru64 UNIX: patch for Perl.
A patch is available:
HP Tru64 UNIX 5.1B-3 Perl Patch Kit
  Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=PERL_V51BB26-ES-20060612
  Name: PERL_V51BB26-ES-20060612
  MD5 Checksum: 49bb5de02b3236a0991698ec5f3ca648
HP Internet Express 6.5 (Internet products and solutions for Tru64 UNIX Website)
  Location: http://h30097.www3.hp.com/internet/prod_sol.htm

Computer vulnerabilities tracking service 

Vigil@nce provides an application vulnerability watch. The Vigil@nce computer vulnerability tracking service alerts your teams to vulnerabilities or threats impacting your information system.