CVE-2012-6329
Foswiki MAKETEXT - Remote Command Execution
Public Exploits: 5
Exploited in Wild: -
Descriptions
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.
SSVC
- Decision:-
Timeline
- 2012-12-10 CVE Reserved
- 2012-12-15 CVE Published
- 2012-12-15 First Exploit
- 2024-08-06 CVE Updated
- 2025-05-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (23)
URL | Tag | Source |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224 | X_refsource_confirm | |
http://code.activestate.com/lists/perl5-porters/187746 | Mailing List | |
http://code.activestate.com/lists/perl5-porters/187763 | Mailing List | |
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | X_refsource_confirm | |
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | X_refsource_confirm | |
http://openwall.com/lists/oss-security/2012/12/11/4 | Mailing List | |
http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod | X_refsource_confirm | |
http://sourceforge.net/mailarchive/message.php?msg_id=30219695 | Mailing List | |
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/56950 | Vdb Entry | |
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032 | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/119055 | 2012-12-24 | |
https://packetstorm.news/files/id/118856 | 2012-12-15 | |
https://packetstorm.news/files/id/119054 | 2012-12-24 | |
https://www.exploit-db.com/exploits/23580 | 2012-12-23 | |
https://www.exploit-db.com/exploits/23579 | 2012-12-23 | |

URL | Date | SRC |
---|---|---|
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8 | 2016-12-08 | |

URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-0685.html | 2016-12-08 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 | 2016-12-08 | |
http://www.ubuntu.com/usn/USN-2099-1 | 2016-12-08 | |
https://bugzilla.redhat.com/show_bug.cgi?id=884354 | 2013-03-26 | |
https://access.redhat.com/security/cve/CVE-2012-6329 | 2013-03-26 | |

Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Perl | Perl | <= 5.16.2 | - | Affected |
Perl | Perl | 5.10 | - | Affected |
Perl | Perl | 5.10.0 | - | Affected |
Perl | Perl | 5.10.0 | rc1 | Affected |
Perl | Perl | 5.10.0 | rc2 | Affected |
Perl | Perl | 5.10.1 | - | Affected |
Perl | Perl | 5.10.1 | rc1 | Affected |
Perl | Perl | 5.10.1 | rc2 | Affected |
Perl | Perl | 5.11.0 | - | Affected |
Perl | Perl | 5.11.1 | - | Affected |
Perl | Perl | 5.11.2 | - | Affected |
Perl | Perl | 5.11.3 | - | Affected |
Perl | Perl | 5.11.4 | - | Affected |
Perl | Perl | 5.11.5 | - | Affected |
Perl | Perl | 5.12.0 | - | Affected |
Perl | Perl | 5.12.0 | rc0 | Affected |
Perl | Perl | 5.12.0 | rc1 | Affected |
Perl | Perl | 5.12.0 | rc2 | Affected |
Perl | Perl | 5.12.0 | rc3 | Affected |
Perl | Perl | 5.12.0 | rc4 | Affected |
Perl | Perl | 5.12.0 | rc5 | Affected |
Perl | Perl | 5.12.1 | - | Affected |
Perl | Perl | 5.12.1 | rc1 | Affected |
Perl | Perl | 5.12.1 | rc2 | Affected |
Perl | Perl | 5.12.2 | - | Affected |
Perl | Perl | 5.12.2 | rc1 | Affected |
Perl | Perl | 5.12.3 | - | Affected |
Perl | Perl | 5.12.3 | rc1 | Affected |
Perl | Perl | 5.12.3 | rc2 | Affected |
Perl | Perl | 5.12.3 | rc3 | Affected |
Perl | Perl | 5.13.0 | - | Affected |
Perl | Perl | 5.13.1 | - | Affected |
Perl | Perl | 5.13.2 | - | Affected |
Perl | Perl | 5.13.3 | - | Affected |
Perl | Perl | 5.13.4 | - | Affected |
Perl | Perl | 5.13.5 | - | Affected |
Perl | Perl | 5.13.6 | - | Affected |
Perl | Perl | 5.13.7 | - | Affected |
Perl | Perl | 5.13.8 | - | Affected |
Perl | Perl | 5.13.9 | - | Affected |
Perl | Perl | 5.13.10 | - | Affected |
Perl | Perl | 5.13.11 | - | Affected |
Perl | Perl | 5.14.0 | - | Affected |
Perl | Perl | 5.14.0 | rc1 | Affected |
Perl | Perl | 5.14.0 | rc2 | Affected |
Perl | Perl | 5.14.0 | rc3 | Affected |
Perl | Perl | 5.14.1 | - | Affected |
Perl | Perl | 5.14.2 | - | Affected |
Perl | Perl | 5.14.3 | - | Affected |
Perl | Perl | 5.16.0 | - | Affected |
Perl | Perl | 5.16.1 | - | Affected |