Vulnerability CVE-2005-3962

Vulnerability Name:

CVE-2005-3962 (CCN-23380)

Assigned:

2005-12-01

Published:

2005-12-01

Updated:

2018-10-19

Summary:

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Gain Access

References:

Source: CONFIRM
Type: UNKNOWN
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch

Source: CONFIRM
Type: UNKNOWN
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch

Source: SGI
Type: UNKNOWN
20060101-01-U

Source: CCN
Type: BugTraq Mailing List, Thu Jun 29 2006 - 12:56:34 CDT
[security bulletin] HPSBTU02125 SSRT061105 rev.1 - HP Tru64 UNIX Running Perl 5.8.2 and earlier, Local Unauthorized Code Execution

Source: CCN
Type: Full-Disclosure Mailing List, Fri Oct 28 2005 - 00:32:25 CDT
Perl format string integer wrap vulnerability

Source: MITRE
Type: CNA
CVE-2005-3962

Source: MITRE
Type: CNA
CVE-2005-4261

Source: CONECTIVA
Type: UNKNOWN
CLSA-2006:1056

Source: CCN
Type: Apple Security Update 2006-007
About the security content of Security Update 2006-007

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=304829

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-11-28

Source: FULLDISC
Type: UNKNOWN
20051201 Perl format string integer wrap vulnerability

Source: CCN
Type: RHSA-2005-880
perl security update

Source: CCN
Type: RHSA-2005-881
perl security update

Source: SECUNIA
Type: Vendor Advisory
17762

Source: CCN
Type: SA17802
Perl Explicit Format Parameter Index Integer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
17802

Source: SECUNIA
Type: Vendor Advisory
17844

Source: SECUNIA
Type: Vendor Advisory
17941

Source: SECUNIA
Type: Vendor Advisory
17952

Source: CCN
Type: SA17975
CP+ Unspecified Perl Vulnerability

Source: SECUNIA
Type: Vendor Advisory
17993

Source: CCN
Type: SA18075
Red Hat update perl

Source: SECUNIA
Type: Vendor Advisory
18075

Source: SECUNIA
Type: Vendor Advisory
18183

Source: SECUNIA
Type: Vendor Advisory
18187

Source: SECUNIA
Type: Vendor Advisory
18295

Source: SECUNIA
Type: Vendor Advisory
18413

Source: SECUNIA
Type: Vendor Advisory
18517

Source: SECUNIA
Type: Vendor Advisory
19041

Source: CCN
Type: SA20894
HP Tru64 UNIX and HP Internet Express Perl Vulnerability

Source: SECUNIA
Type: Vendor Advisory
20894

Source: CCN
Type: SA23155
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
23155

Source: CCN
Type: SA31208
IPCop update for perl

Source: SECUNIA
Type: Vendor Advisory
31208

Source: CCN
Type: Sun Alert ID: 102192
Integer Overflow Vulnerability in Perl May Lead to Application Crash or Code Execution

Source: SUNALERT
Type: UNKNOWN
102192

Source: CCN
Type: ASA-2006-008
perl security update (RHSA-2005-881)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

Source: DEBIAN
Type: UNKNOWN
DSA-943

Source: DEBIAN
Type: DSA-943
perl -- integer overflow

Source: MISC
Type: Patch, Vendor Advisory
http://www.dyadsecurity.com/perl-0002.html

Source: CCN
Type: GLSA-200512-01
Perl: Format string errors can lead to code execution

Source: GENTOO
Type: UNKNOWN
GLSA-200512-01

Source: CCN
Type: IPCop Web site
IPCop 1.4.21 released

Source: CONFIRM
Type: UNKNOWN
http://www.ipcop.org/index.php?name=News&file=article&sid=41

Source: CCN
Type: US-CERT VU#948385
Perl contains an integer sign error in format string processing

Source: CERT-VN
Type: US Government Resource
VU#948385

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:225

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:029

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:071

Source: OPENBSD
Type: UNKNOWN
[3.7] 20060105 007: SECURITY FIX: January 5, 2006

Source: CCN
Type: OpenPKG-SA-2005.025
Perl

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2005.025

Source: OSVDB
Type: UNKNOWN
21345

Source: OSVDB
Type: UNKNOWN
22255

Source: CCN
Type: OSVDB ID: 21345
Perl Explicit Format Parameter Index Overflow

Source: CCN
Type: OSVDB ID: 22255
OpenBSD Perl Interpreter sprintf Function Local Overflow

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:880

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:881

Source: BUGTRAQ
Type: UNKNOWN
20051201 Perl format string integer wrap vulnerability

Source: HP
Type: UNKNOWN
HPSBTU02125

Source: BID
Type: UNKNOWN
15629

Source: CCN
Type: BID-15629
Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability

Source: CCN
Type: BID-15799
Positive Software Corporation CP+ Unspecified Perl Security Vulnerability

Source: TRUSTIX
Type: UNKNOWN
TSLSA-2005-0070

Source: CCN
Type: USN-222-1
Perl vulnerability

Source: CCN
Type: USN-222-2
Perl vulnerability

Source: CERT
Type: US Government Resource
TA06-333A

Source: VUPEN
Type: UNKNOWN
ADV-2005-2688

Source: VUPEN
Type: UNKNOWN
ADV-2006-0771

Source: VUPEN
Type: Vendor Advisory
ADV-2006-2613

Source: VUPEN
Type: UNKNOWN
ADV-2006-4750

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Webmin miniserv.pl Web server component username format string

Source: XF
Type: UNKNOWN
perl-format-string-overflow(23380)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10598

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1074

Source: UBUNTU
Type: UNKNOWN
USN-222-1

Source: FEDORA
Type: UNKNOWN
FLSA-2006:176731

Source: SUSE
Type: SUSE-SA:2005:071
perl integer overflows

Vulnerable Configuration:

Configuration 1:

cpe:/a:perl:perl:5.8.6:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.9.2:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:larry_wall:perl:5.9.2:*:*:*:*:*:*:*

OR cpe:/a:larry_wall:perl:5.8.6:*:*:*:*:*:*:*

AND

cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0:*:oss:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/a:openpkg:openpkg:2.5:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20053962	V	CVE-2005-3962	2022-06-30
oval:org.opensuse.security:def:113107	P	perl-32bit-5.34.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106542	P	perl-32bit-5.34.0-1.1 on GA media (Moderate)	2021-10-01
oval:org.mitre.oval:def:10598	V	Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.	2013-04-29
oval:com.redhat.rhsa:def:20050880	P	RHSA-2005:880: perl security update (Moderate)	2008-03-20
oval:org.mitre.oval:def:1074	V	Perl Format String Integer Overflow Vulnerability	2006-05-03
oval:org.debian:def:943	V	integer overflow	2006-01-16
oval:com.redhat.rhsa:def:20050881	P	RHSA-2005:881: perl security update (Moderate)	2005-12-20

BACK