Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2005-3962

Disclosure Date: December 01, 2005
CVE-2005-3962
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • perl

Products

  • perl 5.8.6,
  • perl 5.9.2

References

Canonical
CVE-2005-3962 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962)
BID-15629 (http://www.securityfocus.com/bid/15629)
Advisory
ADV-2006-4750 (http://www.vupen.com/english/advisories/2006/4750)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
VU#948385 (http://www.kb.cert.org/vuls/id/948385)
OSVDB-22255 (http://www.osvdb.org/22255)
SECUNIA-17941 (http://secunia.com/advisories/17941)
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
20051201 Perl format string integer wrap vulnerability (http://www.securityfocus.com/archive/1/418333/100/0/threaded)
HPSBTU02125 (http://www.securityfocus.com/archive/1/438726/100/0/threaded)
20051201 Perl format string integer wrap vulnerability (http://marc.info?l=full-disclosure&m=113342788118630&w=2)
ADV-2005-2688 (http://www.vupen.com/english/advisories/2005/2688)
OSVDB-21345 (http://www.osvdb.org/21345)
http://www.redhat.com/support/errata/RHSA-2005-881.html
http://docs.info.apple.com/article.html?artnum=304829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
DSA-943 (http://www.debian.org/security/2006/dsa-943)
SECUNIA-17993 (http://secunia.com/advisories/17993)
SECUNIA-18075 (http://secunia.com/advisories/18075)
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
ADV-2006-0771 (http://www.vupen.com/english/advisories/2006/0771)
SECUNIA-20894 (http://secunia.com/advisories/20894)
USN-222-1 (https://usn.ubuntu.com/222-1)
ADV-2006-2613 (http://www.vupen.com/english/advisories/2006/2613)
SECUNIA-18413 (http://secunia.com/advisories/18413)
SECUNIA-23155 (http://secunia.com/advisories/23155)
SECUNIA-17762 (http://secunia.com/advisories/17762)
SECUNIA-18187 (http://secunia.com/advisories/18187)
SECUNIA-18517 (http://secunia.com/advisories/18517)
SECUNIA-18295 (http://secunia.com/advisories/18295)
http://www.novell.com/linux/security/advisories/2005_71_perl.html
SECUNIA-18183 (http://secunia.com/advisories/18183)
http://www.redhat.com/support/errata/RHSA-2005-880.html
APPLE-SA-2006-11-28 (http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html)
TA06-333A (http://www.us-cert.gov/cas/techalerts/TA06-333A.html)
SUNALERT-102192 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1)
SECUNIA-17952 (http://secunia.com/advisories/17952)
http://www.ipcop.org/index.php?name=News&file=article&sid=41
GLSA-200512-01 (http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml)
SECUNIA-31208 (http://secunia.com/advisories/31208)
SECUNIA-17802 (http://secunia.com/advisories/17802)
http://www.novell.com/linux/security/advisories/2005_29_sr.html
SECUNIA-19041 (http://secunia.com/advisories/19041)
SECUNIA-17844 (http://secunia.com/advisories/17844)
Miscellaneous
http://www.dyadsecurity.com/perl-0002.html
[3.7] 20060105 007: SECURITY FIX: January 5, 2006 (http://www.openbsd.org/errata37.html#perl)
http://distro.conectiva.com.br/atualizacoes?id=a&anuncio=001056
OpenPKG-SA-2005.025 (http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html)
TSLSA-2005-0070 (http://www.trustix.org/errata/2005/0070)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
https://usn.ubuntu.com/222-1/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis