OpenPKG Security Advisory
OpenPKG-SA-2007.023
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.023 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.023 Advisory Published: 2010-09-03 22:49 UTC Issue Id (internal): OpenPKG-SI-20071108.01 Issue First Created: 2007-11-08 Issue Last Modified: 2007-11-08 Issue Revision: 01
Subject Name: perl Subject Summary: Programming Language Subject Home: http://www.perl.com/ Subject Versions: 5.* <= 5.8.8 Vulnerability Id: CVE-2007-5116 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: arbitrary code execution Description: Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in the regular expression compiler of the Perl [0] programming language, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions. The bug manifests in a possible buffer overflow in the polymorphic "opcode" support code, caused by ASCII regular expressions that really are Unicode regular expressions. References: [0] http://www.perl.com/
Primary Package Name: perl Primary Package Home: http://openpkg.org/go/package/perl Affected Distribution: Affected Branch: Affected Package: OpenPKG Community CURRENT perl-5.8.8-20071011 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community CURRENT perl-5.8.8-20071108
