Oval Definition: oval:org.mitre.oval:def:10598
Revision Date: 2013-04-29
Version: 11
Title: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Description: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Family: unix
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2005-3962
Platform(s):
CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
    • RHEL3 or CentOS3
      • The operating system installed on the system is Red Hat Enterprise Linux 3
      • OR CentOS Linux 3.x
    • AND Configuration section
      • perl-suidperl is earlier than 2:5.8.0-90.4
      • OR perl is earlier than 2:5.8.0-90.4
      • OR perl-CPAN is earlier than 2:1.61-90.4
      • OR perl-CGI is earlier than 2:2.89-90.4
      • OR perl-DB_File is earlier than 2:1.806-90.4
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
    • RHEL4, CentOS4 or Oracle Linux 4
      • The operating system installed on the system is Red Hat Enterprise Linux 4
      • OR CentOS Linux 4.x
      • OR Oracle Linux 4.x
    • AND Configuration section
      • perl-suidperl is earlier than 3:5.8.5-24.RHEL4
      • OR perl is earlier than 3:5.8.5-24.RHEL4