Info

Disclosure

Jan 05, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in Perl on OpenBSD. The interpreter can be used to cause a buffer overflow. No futher details have been provided.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity, Impact Unknown
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released patches to address this vulnerability.

Products

OpenBSD	OpenBSD	3.7
		3.8

References

OVAL ID: 1074
Bugtraq ID: 15629
Secunia Advisory ID: 17762 17802 17844 17941 17952 17993 18075 18183 18187 18295 18413 18517 19041 20894 23155 31208
CVE ID: 2005-3962 (see also: NVD)
Related OSVDB ID: 21345 22255
CERT VU: 948385
VUPEN Advisory: ADV-2005-2688 ADV-2006-0771 ADV-2006-2613 ADV-2006-4750
Vendor Specific News/Changelog Entry: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.openbsd.org/errata.html
http://www.openbsd.org/errata37.html#perl
Vendor Specific Solution URL: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
Other Advisory URL: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
http://www.debian.org/security/2006/dsa-943
http://www.dyadsecurity.com/perl-0002.html
http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.novell.com/linux/security/advisories/2005_71_perl.html
http://www.openbsd.org/errata37.html#perl
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
http://www.trustix.org/errata/2005/0070
http://www.ubuntulinux.org/support/documentation/usn/usn-222-1
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
Mail List Post: http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
http://www.securityfocus.com/archive/1/archive/1/418333/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/438726/100/0/threaded
RedHat RHSA: RHSA-2005:880 RHSA-2005:881
CERT: TA06-333A

Credit

OpenBSD - OpenBSD

Direct URL: http://osvdb.org/22255