Upstream information

CVE-2005-3962 at MITRE

Description

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.6
Vector AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 136360 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.0
  • perl >= 5.8.7-5.3
  • perl-32bit >= 5.8.7-5.3
  • perl-64bit >= 5.8.7-5.3
SuSE Linux 9.0 for IA32
  • perl >= 5.8.1-133
SuSE Linux 9.0 for AMD64
  • perl >= 5.8.1-133
  • perl-32bit >= 9.0-5
SUSE LINUX 9.1 for IA32
  • perl >= 5.8.3-32.9
SUSE LINUX 9.1 for x86-64
  • perl >= 5.8.3-32.9
  • perl-32bit >= 9.1-200512180858
SUSE LINUX 9.2
  • perl >= 5.8.5-3.5
  • perl-32bit >= 9.2-200512191352
SUSE LINUX 9.3
  • perl >= 5.8.6-5.3
  • perl-32bit >= 9.3-7.1
SUSE LINUX Retail Solution 8
SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • perl >= 5.8.0-204
sles9-oes.x86
suse91.ppc
suse91.s390
suse91.ia64
slec.x86
ul1.x86-64
ul1.ppc
ul1.s390
core9.x86-64
ul1.ia64
YOU Patch Nr: 10808
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • perl >= 5.8.3-32.9
sles9-oes.x86
suse91.ppc
suse91.s390
suse91.ia64
slec.x86
ul1.x86-64
ul1.ppc
ul1.s390
core9.x86-64
ul1.ia64
YOU Patch Nr: 10808
Novell Linux Desktop 9 for x86_64
  • perl >= 5.8.3-32.9
  • perl-32bit >= 9-200512171950
sles9-oes.x86
suse91.ppc
suse91.s390
suse91.ia64
slec.x86
ul1.x86-64
ul1.ppc
ul1.s390
core9.x86-64
ul1.ia64
YOU Patch Nr: 10808