Vulnerability CVE-2011-2728 - CERT Civis.Net

Vulnerability Name:

CVE-2011-2728 (CCN-70186)

Assigned:

2011-09-29

Published:

2011-09-29

Updated:

2013-01-29

Summary:

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Perl Web site
perldelta - what is new for perl v5.14.2

Source: CONFIRM
Type: UNKNOWN
http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod

Source: MITRE
Type: CNA
CVE-2011-2728

Source: FEDORA
Type: UNKNOWN
FEDORA-2011-15484

Source: MISC
Type: UNKNOWN
http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77

Source: CCN
Type: SA46172
Perl "decode_xs()" and "File::Glob::bsd_glob()" Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
46172

Source: CCN
Type: SA55379
Oracle Solaris Perl "File::Glob::bsd_glob()" Vulnerability

Source: CCN
Type: OSVDB ID: 76723
Perl File::Glob::bsd_glob() Function GLOB_ALTDIRFUNC Flag Handling Remote Code Execution

Source: BID
Type: UNKNOWN
49858

Source: CCN
Type: BID-49858
Perl 'decode_xs()' and 'File::Glob::bsd_glob()' Remote Code Execution Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=742987

Source: XF
Type: UNKNOWN
perl-fileglobbsdglob-code-exec(70186)

Vulnerable Configuration:

Configuration 1:

cpe:/a:perl:perl:1.00:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.01:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.20:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.21:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.22:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.31:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.32:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.40:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.41:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.42:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.43:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.44:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.45:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.46:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.47:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.48:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:1.49:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.1.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.3.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.6.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.6.3:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.6.4:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.6.5:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.6.6:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.7.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.7.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.8.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.8.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.8.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.8.3:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.8.4:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.8.5:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.8.6:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.8.7:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.8.8:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.9.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.9.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.9.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.10.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.10.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.10.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.10.3:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.10.4:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.10.5:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.10.6:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.10.7:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.11.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.11.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.11.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.11.3:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.11.4:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.11.5:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.11.6:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.11.7:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.11.8:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.12.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.13.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.14.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.14.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.15.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.15.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.16.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.16.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.17.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.17.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.17.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.18.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:2.18.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.6.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.6.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.3:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.4:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.5:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.6:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.7:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.8:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.9:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.8.10:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.9.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.10:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.10.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.10.0:rc1:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.10.0:rc2:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.10.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.10.1:rc1:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.10.1:rc2:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.11.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.11.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.11.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.11.3:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.11.4:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.11.5:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.0:rc0:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.0:rc1:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.0:rc2:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.0:rc3:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.0:rc4:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.0:rc5:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.1:rc1:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.1:rc2:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.2:rc1:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.3:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.3:rc1:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.3:rc2:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.12.3:rc3:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.1:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.2:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.3:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.4:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.5:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.6:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.7:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.8:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.9:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.10:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.13.11:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.14.0:*:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.14.0:rc1:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.14.0:rc2:*:*:*:*:*:*

OR cpe:/a:perl:perl:5.14.0:rc3:*:*:*:*:*:*

OR cpe:/a:perl:perl:*:*:*:*:*:*:*:* (Version <= 5.14.1)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42420	P	Security update for logrotate (Important)	2022-07-25
oval:org.opensuse.security:def:20112728	V	CVE-2011-2728	2022-05-20
oval:org.opensuse.security:def:32233	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:26162	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:31697	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:26156	P	Security update for open-lldp (Moderate)	2021-10-26
oval:org.opensuse.security:def:26139	P	Security update for libvirt (Moderate)	2021-10-04
oval:org.opensuse.security:def:32194	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:32185	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:32976	P	Security update for cpio (Important)	2021-08-14
oval:org.opensuse.security:def:26099	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:26098	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:32145	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:26086	P	Security update for libsolv (Important)	2021-06-28
oval:org.opensuse.security:def:36265	P	perl-32bit-5.10.0-64.72.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36537	P	perl-base-32bit-5.10.0-64.72.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32937	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:42672	P	perl-32bit-5.10.0-64.72.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32089	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:31743	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:31732	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:31731	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:26192	P	Security update for php72 (Important)	2021-02-17
oval:org.opensuse.security:def:32255	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:26087	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:32098	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:31565	P	Security update for openssl (Important)	2020-12-11
oval:org.opensuse.security:def:36013	P	perl-32bit-5.10.0-64.67.52 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32397	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:25574	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:26663	P	PolicyKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33189	P	libupsclient1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31479	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25988	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26862	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31789	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:26294	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:26018	P	Security update for freerdp (Important)	2020-12-01
oval:org.opensuse.security:def:26444	P	Security update for mumble (Moderate)	2020-12-01
oval:org.opensuse.security:def:27228	P	libxcrypt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25562	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26428	P	Security update for redis (Moderate)	2020-12-01
oval:org.opensuse.security:def:32507	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25847	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26804	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26241	P	Security update for evolution (Moderate)	2020-12-01
oval:org.opensuse.security:def:25826	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27011	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26240	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32299	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:32041	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:26546	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26290	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32446	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25638	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26716	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33228	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31480	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:27500	P	libwebkit-1_0-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25814	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31846	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:26338	P	Security update for Chromium (Moderate)	2020-12-01
oval:org.opensuse.security:def:31817	P	Security update for atftp (Important)	2020-12-01
oval:org.opensuse.security:def:26493	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:32341	P	Security update for spice (Moderate)	2020-12-01
oval:org.opensuse.security:def:27263	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25563	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:26512	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:32551	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25904	P	Security update for gegl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26818	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26280	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25890	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26391	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:26590	P	libmusicbrainz4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26371	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32485	P	PolicyKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25766	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26765	P	librsvg on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31491	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:27535	P	perl-base-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25815	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31933	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26976	P	libtspi1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31949	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:26532	P	cron on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:26050	P	SUSE-SU-2013:0442-1 -- Security update for Perl	2014-09-08
oval:org.mitre.oval:def:26263	P	SUSE-SU-2013:0441-1 -- Security update for Perl	2014-09-08
oval:com.ubuntu.precise:def:20112728000	V	CVE-2011-2728 on Ubuntu 12.04 LTS (precise) - negligible.	2012-12-21