Perl 'decode_xs()' and 'File::Glob::bsd_glob()' Remote Code Execution Vulnerabilities

Bugtraq ID: 49858
Class: Unknown
CVE: CVE-2011-2728
CVE-2011-2939
Remote: Yes
Local: No
Published: Sep 29 2011 12:00AM
Updated: Jan 20 2014 09:33AM
Credit: Clement Lecigne and Robert Zacek
Vulnerable: Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Sun Solaris 11
Red Hat Fedora 14
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop 6
Perl.org Perl 5.14.1
Oracle Enterprise Linux 6
Mandriva Linux Mandrake 2011 x86_64
Mandriva Linux Mandrake 2011
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Gentoo Linux
Avaya Aura Experience Portal 6.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Not Vulnerable: Perl.org Perl 5.14.2


 

Privacy Statement
Copyright 2010, SecurityFocus