Perl 'decode_xs()' and 'File::Glob::bsd_glob()' Remote Code Execution Vulnerabilities

Bugtraq ID: 49858
Class: Unknown
CVE: CVE-2011-2728
CVE-2011-2939
Remote: Yes
Local: No
Published: Sep 29 2011 12:00AM
Updated: Apr 13 2015 09:21PM
Credit: Clement Lecigne and Robert Zacek
Vulnerable: Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 12.10 i386
Ubuntu Ubuntu Linux 12.10 amd64
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop 6
Perl.org Perl 5.14.1
Oracle Solaris 9
Oracle Solaris 11.1
Oracle Solaris 11
Oracle Solaris 10
Oracle Enterprise Linux 6
Mandriva Linux Mandrake 2011 x86_64
Mandriva Linux Mandrake 2011
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Gentoo Linux
Avaya Aura Experience Portal 6.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya 96x1 IP Deskphones 6.2
Not Vulnerable: Perl.org Perl 5.14.2
Oracle Solaris 11.1.11.4.0


 

Privacy Statement
Copyright 2010, SecurityFocus