SecurityTracker.com
Category:   Application (Generic)  >   Perl
Vendors:   Wall, Larry
(Ubuntu Issues Fix) Perl Heap Overflows Let Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code
SecurityTracker Alert ID:  1040688
SecurityTracker URL:  http://securitytracker.com/id/1040688
CVE Reference:   CVE-2018-6797, CVE-2018-6798, CVE-2018-6913
Date:  Apr 17 2018
Impact:   Denial of service via local system, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   Several vulnerabilities were reported in Perl. A local user can execute arbitrary code or cause denial of service conditions on the target system. A local user can obtain potentially sensitive information.

A local user can run Perl code with a specially crafted regular expression to trigger a heap overflow in S_regatom() in 'regcomp.c' and execute arbitrary code on the target system or cause the target system to crash [CVE-2018-6797].

A local user can run Perl code with a specially crafted locale-dependent regular expression to trigger a heap buffer overread and access potentially sensitive information on the target system [CVE-2018-6798].

A local user can run Perl code with a specially crafted pack() function call to trigger a heap overflow and execute arbitrary code on the target system or cause the target system to crash [CVE-2018-6913].

These vulnerabilities can also be exploited by remote or remote authenticated users with the ability to upload and execute Perl scripts.

Brian Carpenter, Nguyen Duc Manh, and GwanYeong Kim reported these vulnerabilities.

Impact:   A local user can execute arbitrary code on the target system.

A local user can cause denial of service conditions on the target system.

A local user can obtain potentially sensitive information.

Solution:   Ubuntu has issued a fix.

The Ubuntu advisory is available at:

https://usn.ubuntu.com/usn/usn-3625-1

Vendor URL:  usn.ubuntu.com/usn/usn-3625-1
Cause:   Boundary error
Underlying OS:  Linux (Ubuntu)
Underlying OS Comments:  14.04 LTS, 16.04 LTS, 17.10

Message History:   This archive entry is a follow-up to the message listed below.
Apr 15 2018 Perl Heap Overflows Let Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code




Copyright 2018, SecurityGlobal.net LLC