CVE-2005-3962
https://notcve.org/view.php?id=CVE-2005-3962
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://marc.info/?l=full-disclosure&m=113342788118630&w=2 http://secunia. • CWE-189: Numeric Errors •
CVE-2005-0448
https://notcve.org/view.php?id=CVE-2005-0448
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 http://fedoranews.org/updates/FEDORA--.shtml http://secunia.com/advisories/14531 http://secunia.com/advisories/17079 http://secunia.com/advisories/18075 http://secunia.com/advisories/18517 http://secunia.com/advisories/55314 http://www.debian.org/security/2005/dsa-696 http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml http:/ •
CVE-2005-0156 – Setuid perl - 'PerlIO_Debug()' Local Overflow
https://notcve.org/view.php?id=CVE-2005-0156
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. • https://www.exploit-db.com/exploits/791 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 http://fedoranews.org/updates/FEDORA--.shtml http://marc.info/?l=bugtraq&m=110737149402683&w=2 http://marc.info/?l=full-disclosure&m=110779721503111&w=2 http://secunia.com/advisories/14120 http://secunia.com/advisories/55314 http://www.digitalmunition.com/DMA%5B2005-0131b%5D.txt http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml http://www.mandriva. •
CVE-2005-0155 – Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation
https://notcve.org/view.php?id=CVE-2005-0155
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. • https://www.exploit-db.com/exploits/792 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 http://fedoranews.org/updates/FEDORA--.shtml http://marc.info/?l=bugtraq&m=110737149402683&w=2 http://marc.info/?l=full-disclosure&m=110779723332339&w=2 http://secunia.com/advisories/14120 http://secunia.com/advisories/21646 http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm http://www.digitalmunition.com/DMA%5B2005-0131a%5D.txt http://www.gentoo.org& •
CVE-2004-2286 – ActivePerl 5.x / Larry Wall Perl 5.x - Duplication Operator Integer Overflow
https://notcve.org/view.php?id=CVE-2004-2286
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow. • https://www.exploit-db.com/exploits/24130 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html http://www.securityfocus.com/bid/10380 https://exchange.xforce.ibmcloud.com/vulnerabilities/16224 •