CVE-2009-1884
https://notcve.org/view.php?id=CVE-2009-1884
Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. Error de superación de límite (Off-by-one) en la función bzinflate en Bzip2.xs en el módulo Compress-Raw-Bzip2 anterior a v2.018 para Perl permite a atacantes dependientes de contexto producir una denegación de servicio (cuelgue de aplicación o caída) a través de un stream comprimido de bzip2 que inicia un desbordamiento de búfer, una situación parecida a CVE-2009-1391. • http://secunia.com/advisories/36386 http://secunia.com/advisories/36415 http://security.gentoo.org/glsa/glsa-200908-07.xml http://www.securityfocus.com/bid/36082 https://bugs.gentoo.org/show_bug.cgi?id=281955 https://bugzilla.redhat.com/show_bug.cgi?id=518278 https://exchange.xforce.ibmcloud.com/vulnerabilities/52628 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html • CWE-189: Numeric Errors •
CVE-2009-0663 – perl-DBD-Pg: pg_getline buffer overflow
https://notcve.org/view.php?id=CVE-2009-0663
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. Desbordamiento de búfer basado en pila en el módulo DBD::Pg (alias DBD-Pg o libdbd-pg-perl) v1.49 para Perl podría permitir a atacantes, dependiendo del contexto, ejecutar código arbitrario a través de una entrada sin especificar a una aplicación que utiliza las funciones getline y pg_getline para leer filas de la base de datos. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/34909 http://secunia.com/advisories/35058 http://secunia.com/advisories/35685 http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz http://www.debian.org/security/2009/dsa-1780 http://www.redhat.com/support/errata/RHSA-2009-0479.html http://www.redhat.com/support/errata/RHSA-2009-1067.html http://www.securityfocus.com/b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0129
https://notcve.org/view.php?id=CVE-2009-0129
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. libcrypt-openssl-dsa-perl no comprueba adecuadamente el valor de retorno de las funciones OpenSSL_DSA_verify y DSA_do_verify, lo que permitiria a atacantes remotos evitar la validacion de la cadena de certificados a traves de una firma SSL/TLS malformada, similar a la vulnerabilidad CVE-2008-5077. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519 http://openwall.com/lists/oss-security/2009/01/12/4 • CWE-287: Improper Authentication •
CVE-2008-5302 – perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
https://notcve.org/view.php?id=CVE-2008-5302
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. Condición de carrera en la función rmtree de File::Path 1.08 y 2.07 (lib/File/Path.pm) en Perl 5.8.8 y 5.10.0 permite a usuarios locales crear binarios setuid arbitrarios a través de un ataque por enlace simbólico. Se trata de una vulnerabilidad diferente que CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/32980 http://secunia.com/advisories/33314 http://secunia.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2008-5303 – perl: File:: Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1
https://notcve.org/view.php?id=CVE-2008-5303
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. Condición de carrera en la función rmtree en File::Path 1.08 (lib/File/Path.pm) en Perl 5.8.8 permite a usuarios locales borrar archivos arbitrarios a través de un ataque de enlace simbólico, una vulnerabilidad diferente a CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. NOTA: esto es un error de regresión relacionado con CVE-2005-0448. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://secunia.com/advisories/32980 http://secunia.com/advisories/33314 http://secunia.com/advisories/40052 http://support.apple.com/kb/HT4077 http://wiki.rp • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •