V-043: Perl Locale::Maketext Module '_compile()' Multiple Code Injection Vulnerabilities

December 10, 2012 - 1:00am

PROBLEM:

Two code injection vulnerabilities in the Perl Locale::Maketext module

PLATFORM:

Locale::Maketext 1.23 is affected; other versions also may be affected.

ABSTRACT:

Two vulnerabilities have been reported in the Locale::Maketext module for Perl.

REFERENCE LINKS:

Secunia Advisory SA51498
Debian Bug report logs - #695224
Bugtraq ID: 56852

IMPACT ASSESSMENT:

Medium

DISCUSSION:

Two vulnerabilities have been reported in the Locale::Maketext module for Perl, which can be exploited by malicious users to compromise an application using the module.

The vulnerabilities are caused by the "_compile()" function not properly sanitising input, which can be exploited to inject and execute arbitrary Perl code.

IMPACT:

Remote attackers can exploit these issues to inject and run arbitrary Perl code in the context of the affected application.

SOLUTION:

Fixed in the GIT repository.
