Detections
Analytics
openSUSE Security Update : perl (openSUSE-SU-2011:0479-1)
medium Nessus Plugin ID 75993
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update fixes a bug in perl that makes spamassassin crash and does not allow bypassing taint mode by using lc() or uc() anymore.- CVE-2010-4777: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
- CVE-2011-1487: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N): Permissions, Privileges, and Access Control (CWE-264)
Solution
Update the affected perl packages.See Also
https://bugzilla.novell.com/show_bug.cgi?id=657625
https://bugzilla.novell.com/show_bug.cgi?id=676086
https://bugzilla.novell.com/show_bug.cgi?id=678877
https://bugzilla.novell.com/show_bug.cgi?id=684799
https://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
Plugin Details
Severity: Medium
ID: 75993
File Name: suse_11_4_perl-110506.nasl
Version: 1.7
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/13/2014
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:perl, p-cpe:/a:novell:opensuse:perl-32bit, p-cpe:/a:novell:opensuse:perl-base, p-cpe:/a:novell:opensuse:perl-base-32bit, p-cpe:/a:novell:opensuse:perl-base-debuginfo, p-cpe:/a:novell:opensuse:perl-base-debuginfo-32bit, p-cpe:/a:novell:opensuse:perl-debuginfo, p-cpe:/a:novell:opensuse:perl-debuginfo-32bit, p-cpe:/a:novell:opensuse:perl-debugsource, cpe:/o:novell:opensuse:11.4
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/6/2011
Reference Information
CVE: CVE-2010-4777, CVE-2011-1487