CVE-2011-3597
Published: 13 January 2012
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
Notes
Author | Note |
---|---|
mdeslaur | fixed in digest 1.17 |
jdstrand | from RedHat bug: "To successfully exploit this vulnerability, the attacker must already be able to execute Perl code or be able to set the algorithm name to be used by the constructor in the form "$ctx = Digest->new(XXX => $arg,...)", which is very unlikely to happen." |
Priority
Status
Package | Release | Status |
---|---|---|
libdigest-perl (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
libdigest-perl | lucid | Ignored (end of life) |
libdigest-perl | maverick | Ignored (end of life) |
libdigest-perl | natty | Ignored (end of life) |
libdigest-perl | oneiric | Ignored (end of life) |
libdigest-perl | precise | Not vulnerable (1.17-1) |
libdigest-perl | quantal | Not vulnerable (1.17-1) |
libdigest-perl | raring | Not vulnerable (1.17-1) |
libdigest-perl | saucy | Not vulnerable (1.17-1) |
libdigest-perl | upstream | Released (1.17-1) |
perl (Launchpad, Ubuntu, Debian) | hardy | Released (5.8.8-12ubuntu0.7) |
perl | lucid | Released (5.10.1-8ubuntu2.2) |
perl | maverick | Ignored (end of life) |
perl | natty | Ignored (end of life) |
perl | oneiric | Released (5.12.4-4ubuntu0.1) |
perl | precise | Not vulnerable (5.12.4-6) |
perl | quantal | Not vulnerable (5.12.4-6) |
perl | raring | Not vulnerable (5.12.4-6) |
perl | saucy | Not vulnerable (5.12.4-6) |
perl | upstream | Released (5.12.4-6) |
Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2011-1424.html