Perl interpreter
===========================================================
Ubuntu Security Notice USN-700-2 January 15, 2009
perl regression
https://launchpad.net/bugs/315991
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
| $dbh->do($query) || $form->dberror($query);
The values for $form->{db} and $form->{id} are supplied by the user and are not filtered or
quoted before using them in the SQL query.
Perl's DBI module offers prepared statements with bound parameter queries (e.g.
"DELETE FROM ? WHERE id = ?"), which should be used — together with input filtering as a
defense in depth strategy — to prevent this kind of attack.
* Local File Include (CVE-2009-3583)
CVE-2009-3583 refers to a security vulnerability in SQL-Ledger (and
presumably some offshoots, including early versions of LedgerSMB)
whereby one can include arbitrary Perl code.
All versions of SQL-Ledger 2.x are presumed vulnerable. At least my
experience with SQL-Ledger suggests that the relevant code has not
changed significantly since at least 2.2.0.
All versions of LedgerSMB lower than 1.2.0 are vulnerable. 1.2.0 is
the first version that is not vulnerable.
This update corrects regressions introduced by the devscripts security
update, DSA-1878-1. The original announcement was:
Raphael Geissert discovered that uscan, a program to check for
availability of new source code versions which is part of the
devscripts package, runs Perl code downloaded from potentially
untrusted sources to implement its URL and version mangling
functionality. This update addresses this issue by reimplementing the
relevant Perl operators without relying on the Perl interpreter,
trying to preserve backwards compatibility as much as possible.
Debian-specific: yes
CVE Id(s) : CVE-2009-2946
Raphael Geissert discovered that uscan, a program to check for
availability of new source code versions which is part of the
devscripts package, runs Perl code downloaded from potentially
untrusted sources to implement its URL and version mangling
functionality. This update addresses this issue by reimplementing the
relevant Perl operators without relying on the Perl interpreter,
trying to preserve backwards compatibility as much as possible.
===========================================================
Ubuntu Security Notice USN-700-1 December 24, 2008
libarchive-tar-perl, perl vulnerabilities
CVE-2007-4829, CVE-2008-1927, CVE-2008-5302, CVE-2008-5303
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
#! /usr/bin/perl
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Libra PHP File Manager <= 1.18 / Local File Inclusion Vulnerability
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Program: Libra PHP File Manager
# Version: <= 1.18
# File affected: fileadmin.php
# Download: http://file.sourceforge.net
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01362465
Version: 1
HPSBTU02311 SSRT080001 rev.1 - HP Tru64 UNIX running Perl, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-02-19
Last Updated: 2008-02-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Perl: Buffer overflow
Date: November 19, 2007
Bugs: #198196
ID: 200711-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
===========================================================
Ubuntu Security Notice USN-794-1 July 02, 2009
libcompress-raw-zlib-perl, perl vulnerability
CVE-2009-1391
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
#!/usr/bin/perl
#-----------------------------------------------------------------------------
# User options changer (SQLi) EXPLOIT --Bigace CMS -stable release- 2.5-->
#-----------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://www.bigace.de/
#-->DOWNLOAD: http://downloads.sourceforge.net/bigace/
#-->DEMO: http://www.bigace.de/demo.html
CVE ID : CVE-2009-0667
It was discovered that the ocsinventory-agent which is part of the
ocsinventory suite, a hardware and software configuration indexing service,
is prone to an insecure perl module search path. As the agent is started
via cron and the current directory (/ in this case) is included in the
default perl module path the agent scans every directory on the system
for its perl modules. This enables an attacker to execute arbitrary code
via a crafted ocsinventory-agent perl module placed on the system.
access to the Calendar. Any of the pages in pPIM can be accessed this way.
Arbitrary File Upload
pPIM's upload.php script allows attackers to upload arbitrary scripts of
any type to the target server. To do this using Perl simply create the
file and upload it using Perl:
$ echo "<?php echo phpinfo();?>" > phpinfo.php
Then execute the following Perl script:
Debian Security Advisory DSA-1678-2 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 21, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : perl
Vulnerability : design flaws
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-5302 CVE-2008-5303
Debian Bug : 286905 286922 479317
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0013
Synopsis: Updated ESX packages for OpenSSL, net-snmp, perl
Issue date: 2008-08-12
Updated on: 2008-08-12 (initial release of advisory)
CVE numbers: CVE-2007-3108, CVE-2007-5135, CVE-2008-2292,
CVE-2008-0960, CVE-2008-1927
- ------------------------------------------------------------------------
- Severity: 5/5
=============================================
I. VULNERABILITY
-------------------------
SmbClientParser perl module allows remote command execution.
II. BACKGROUND
-------------------------
SmbClientParser is a useful Perl module for writing NetBIOS interactive
code; it is a wrapper around the Linux smbclient command and can be downloaded
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Perl: Execution of arbitrary code
Date: May 20, 2008
Bugs: #219203
ID: 200805-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
F5 BIG-IP Management Interface Perl Injection
Product: F5 BIG-IP
http://www.f5.com/products/big-ip/
The F5 BIG-IP reconfiguration facility, used by both the web management interface and the CLI, suffers from insufficient input validation and/or sanitization of certain reconfiguration requests. It is possible for a logged-in user with Resource Manager or Administrator privileges to inject arbitrary Perl code, including spawning Unix shell commands, that gets immediately executed with root privileges. (For the Administrator role this does not provide any new privileges because it is already provided with full shell access as root.)
The core of the problem is using Perl EP3 with templates containing substitutions similar to
Debian Security Advisory DSA-1556-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
April 24, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : perl
Vulnerability : heap buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2008-1927
Debian Bug : 454792
Debian Security Advisory DSA-1556-2 security@debian.org
http://www.debian.org/security/ Florian Weimer
April 27, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : perl
Vulnerability : heap buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2008-1927
Debian Bug : 454792
Mandriva Linux Security Advisory MDKSA-2007:207
http://www.mandriva.com/security/
_______________________________________________________________________
Package : perl
Date : November 5, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
#!/usr/bin/perl
#
#---------------------------------------------------------
# WysGui CMS 1.2 BETA(cookie) BSQL
#---------------------------------------------------------
# CMS INFORMATION:
#
#-->WEB: http://wysgui.com/
#-->DOWNLOAD: http://sourceforge.net/projects/wysgui/
#-->DEMO: http://wysgui.com/demo/
(gdb) x/x $edx
0x8048000: Cannot access memory at address 0x8048000
(gdb)
- ---
the same result we can get with perl(1)
PoC perl:
- ---
#!/usr/local/bin/perl
printf "%.512f", 1;
#!/usr/bin/perl
#-----------------------------------------------------------------
#BLIND SQL INJECTION (GET var 'AlbumID')--RTWebalbum 1.0.462-->
#-----------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://rtwebalbum.x12.pl/
#-->DOWNLOAD: http://sourceforge.net/projects/rtwebalbum/
#-->DEMO: http://rtwebalbum.x12.pl/
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
postgresql-plperl-8.1 8.1.21-0ubuntu0.6.06
postgresql-pltcl-8.1 8.1.21-0ubuntu0.6.06
Ubuntu 8.04 LTS:
postgresql-plperl-8.3 8.3.11-0ubuntu8.04
postgresql-pltcl-8.3 8.3.11-0ubuntu8.04
#!/usr/bin/perl
#
#-------------------------------------------------
# (module custompage.php) BLIND SQL INJECTION
#-------------------------------------------------
#
# CMS INFORMATION:
#
#-->WEB: http://www.clantiger.com
#-->DOWNLOAD: http://www.clantiger.com/download-clan-cms
Of course not. I include this information to report in detail
Then...when do you need a browser to launch a perl exploit?
Why do you include "TESTED ON: firefox 3"? Would you not be able to
trigger this bug using other browsers?
On Sun, May 31, 2009 at 8:53 PM, <y3nh4ck3r (at) gmail (dot) com> wrote:
> #!/usr/bin/perl
> #-----------------------------------------------------------------------
#!/usr/bin/perl
#---------------------------------------------------------------------------
#(POST var 'rating') BLIND SQL INJECTION--microTopic v1 Initial Release-->
#---------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://sourceforge.net/projects/microtopic/
#-->DOWNLOAD: http://sourceforge.net/projects/microtopic/
#-->DEMO: N/A
127# cd len
127# mkdir 24
127# mkdir 23
127# mkdir 22
127# cd 22
127# perl -e '$a="C"x22;for(1..50000){ ! -d $a and mkdir $a and chdir $a }'
127# du .
Segmentation fault (core dumped)
127# cd ../23/
127# perl -e '$a="C"x23;for(1..50000){ ! -d $a and mkdir $a and chdir $a }'
127# du .