7.5

CVE-2012-6329

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PerlPerl Version <= 5.16.2
PerlPerl Version5.10
PerlPerl Version5.10.0
PerlPerl Version5.10.0 Updaterc1
PerlPerl Version5.10.0 Updaterc2
PerlPerl Version5.10.1
PerlPerl Version5.10.1 Updaterc1
PerlPerl Version5.10.1 Updaterc2
PerlPerl Version5.11.0
PerlPerl Version5.11.1
PerlPerl Version5.11.2
PerlPerl Version5.11.3
PerlPerl Version5.11.4
PerlPerl Version5.11.5
PerlPerl Version5.12.0
PerlPerl Version5.12.0 Updaterc0
PerlPerl Version5.12.0 Updaterc1
PerlPerl Version5.12.0 Updaterc2
PerlPerl Version5.12.0 Updaterc3
PerlPerl Version5.12.0 Updaterc4
PerlPerl Version5.12.0 Updaterc5
PerlPerl Version5.12.1
PerlPerl Version5.12.1 Updaterc1
PerlPerl Version5.12.1 Updaterc2
PerlPerl Version5.12.2
PerlPerl Version5.12.2 Updaterc1
PerlPerl Version5.12.3
PerlPerl Version5.12.3 Updaterc1
PerlPerl Version5.12.3 Updaterc2
PerlPerl Version5.12.3 Updaterc3
PerlPerl Version5.13.0
PerlPerl Version5.13.1
PerlPerl Version5.13.2
PerlPerl Version5.13.3
PerlPerl Version5.13.4
PerlPerl Version5.13.5
PerlPerl Version5.13.6
PerlPerl Version5.13.7
PerlPerl Version5.13.8
PerlPerl Version5.13.9
PerlPerl Version5.13.10
PerlPerl Version5.13.11
PerlPerl Version5.14.0
PerlPerl Version5.14.0 Updaterc1
PerlPerl Version5.14.0 Updaterc2
PerlPerl Version5.14.0 Updaterc3
PerlPerl Version5.14.1
PerlPerl Version5.14.2
PerlPerl Version5.14.3
PerlPerl Version5.16.0
PerlPerl Version5.16.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 61.6% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224
http://code.activestate.com/lists/perl5-porters/187746/
http://code.activestate.com/lists/perl5-porters/187763/
http://openwall.com/lists/oss-security/2012/12/11/4
http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8
Patch
http://sourceforge.net/mailarchive/message.php?msg_id=30219695
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329
http://www.securityfocus.com/bid/56950
http://www.ubuntu.com/usn/USN-2099-1
https://bugzilla.redhat.com/show_bug.cgi?id=884354
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032