CVE-2012-6329

04.01.2013, 21:55

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

Code Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
perl	perl	𝑥 ≤ 5.16.2
perl	perl	5.10
perl	perl	5.10.0
perl	perl	5.10.0:rc1
perl	perl	5.10.0:rc2
perl	perl	5.10.1
perl	perl	5.10.1:rc1
perl	perl	5.10.1:rc2
perl	perl	5.11.0
perl	perl	5.11.1
perl	perl	5.11.2
perl	perl	5.11.3
perl	perl	5.11.4
perl	perl	5.11.5
perl	perl	5.12.0
perl	perl	5.12.0:rc0
perl	perl	5.12.0:rc1
perl	perl	5.12.0:rc2
perl	perl	5.12.0:rc3
perl	perl	5.12.0:rc4
perl	perl	5.12.0:rc5
perl	perl	5.12.1
perl	perl	5.12.1:rc1
perl	perl	5.12.1:rc2
perl	perl	5.12.2
perl	perl	5.12.2:rc1
perl	perl	5.12.3
perl	perl	5.12.3:rc1
perl	perl	5.12.3:rc2
perl	perl	5.12.3:rc3
perl	perl	5.13.0
perl	perl	5.13.1
perl	perl	5.13.2
perl	perl	5.13.3
perl	perl	5.13.4
perl	perl	5.13.5
perl	perl	5.13.6
perl	perl	5.13.7
perl	perl	5.13.8
perl	perl	5.13.9
perl	perl	5.13.10
perl	perl	5.13.11
perl	perl	5.14.0
perl	perl	5.14.0:rc1
perl	perl	5.14.0:rc2
perl	perl	5.14.0:rc3
perl	perl	5.14.1
perl	perl	5.14.2
perl	perl	5.14.3
perl	perl	5.16.0
perl	perl	5.16.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

perl

bookworm	5.36.0-7+deb12u1 fixed
bullseye	5.32.1-4+deb11u3 fixed
bullseye (security)	5.32.1-4+deb11u4 fixed
sid	5.40.0-6 fixed
trixie	5.40.0-6 fixed

Ubuntu Releases

Ubuntu Product

Codename

perl

lucid	Fixed 5.10.1-8ubuntu2.4 released
precise	Fixed 5.14.2-6ubuntu2.4 released
quantal	Fixed 5.14.2-13ubuntu0.3 released
raring	not-affected
saucy	not-affected

Red Hat Enterprise Linux Releases

Red Hat Product

Release

perl

RHEL 6

4:5.10.1-130.el6_4

fixed

perl-Archive-Extract

RHEL 6

1:0.38-130.el6_4

fixed

perl-Archive-Tar

RHEL 6

0:1.58-130.el6_4

fixed

perl-CGI

RHEL 6

0:3.51-130.el6_4

fixed

perl-CPAN

RHEL 6

0:1.9402-130.el6_4

fixed

perl-CPANPLUS

RHEL 6

0:0.88-130.el6_4

fixed

perl-Compress-Raw-Bzip2

RHEL 6

0:2.020-130.el6_4

fixed

perl-Compress-Raw-Zlib

RHEL 6

1:2.020-130.el6_4

fixed

perl-Compress-Zlib

RHEL 6

0:2.020-130.el6_4

fixed

perl-Digest-SHA

RHEL 6

1:5.47-130.el6_4

fixed

perl-ExtUtils-CBuilder

RHEL 6

1:0.27-130.el6_4

fixed

perl-ExtUtils-Embed

RHEL 6

0:1.28-130.el6_4

fixed

perl-ExtUtils-MakeMaker

RHEL 6

0:6.55-130.el6_4

fixed

perl-ExtUtils-ParseXS

RHEL 6

1:2.2003.0-130.el6_4

fixed

perl-File-Fetch

RHEL 6

0:0.26-130.el6_4

fixed

perl-IO-Compress-Base

RHEL 6

0:2.020-130.el6_4

fixed

perl-IO-Compress-Bzip2

RHEL 6

0:2.020-130.el6_4

fixed

perl-IO-Compress-Zlib

RHEL 6

0:2.020-130.el6_4

fixed

perl-IO-Zlib

RHEL 6

1:1.09-130.el6_4

fixed

perl-IPC-Cmd

RHEL 6

1:0.56-130.el6_4

fixed

perl-Locale-Maketext-Simple

RHEL 6

1:0.18-130.el6_4

fixed

perl-Log-Message

RHEL 6

1:0.02-130.el6_4

fixed

perl-Log-Message-Simple

RHEL 6

0:0.04-130.el6_4

fixed

perl-Module-Build

RHEL 6

1:0.3500-130.el6_4

fixed

perl-Module-CoreList

RHEL 6

0:2.18-130.el6_4

fixed

perl-Module-Load

RHEL 6

1:0.16-130.el6_4

fixed

perl-Module-Load-Conditional

RHEL 6

0:0.30-130.el6_4

fixed

perl-Module-Loaded

RHEL 6

1:0.02-130.el6_4

fixed

perl-Module-Pluggable

RHEL 6

1:3.90-130.el6_4

fixed

perl-Object-Accessor

RHEL 6

1:0.34-130.el6_4

fixed

perl-Package-Constants

RHEL 6

1:0.02-130.el6_4

fixed

perl-Params-Check

RHEL 6

1:0.26-130.el6_4

fixed

perl-Parse-CPAN-Meta

RHEL 6

1:1.40-130.el6_4

fixed

perl-Pod-Escapes

RHEL 6

1:1.04-130.el6_4

fixed

perl-Pod-Simple

RHEL 6

1:3.13-130.el6_4

fixed

perl-Term-UI

RHEL 6

0:0.20-130.el6_4

fixed

perl-Test-Harness

RHEL 6

0:3.17-130.el6_4

fixed

perl-Test-Simple

RHEL 6

0:0.92-130.el6_4

fixed

perl-Time-HiRes

RHEL 6

4:1.9721-130.el6_4

fixed

perl-Time-Piece

RHEL 6

0:1.15-130.el6_4

fixed

perl-core

RHEL 6

0:5.10.1-130.el6_4

fixed

perl-devel

RHEL 6

4:5.10.1-130.el6_4

fixed

perl-libs

RHEL 6

4:5.10.1-130.el6_4

fixed

perl-parent

RHEL 6

1:0.221-130.el6_4

fixed

perl-suidperl

RHEL 6

4:5.10.1-130.el6_4

fixed

perl-version

RHEL 6

3:0.77-130.el6_4

fixed

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224

http://code.activestate.com/lists/perl5-porters/187746/

http://code.activestate.com/lists/perl5-porters/187763/

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

http://openwall.com/lists/oss-security/2012/12/11/4

http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod

http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8

http://rhn.redhat.com/errata/RHSA-2013-0685.html

http://sourceforge.net/mailarchive/message.php?msg_id=30219695

http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329

http://www.mandriva.com/security/advisories?name=MDVSA-2013:113

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/56950

http://www.ubuntu.com/usn/USN-2099-1

https://bugzilla.redhat.com/show_bug.cgi?id=884354

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224

http://code.activestate.com/lists/perl5-porters/187746/

http://code.activestate.com/lists/perl5-porters/187763/

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

http://openwall.com/lists/oss-security/2012/12/11/4

http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod

http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8

http://rhn.redhat.com/errata/RHSA-2013-0685.html

http://sourceforge.net/mailarchive/message.php?msg_id=30219695

http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329

http://www.mandriva.com/security/advisories?name=MDVSA-2013:113

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/56950

http://www.ubuntu.com/usn/USN-2099-1

https://bugzilla.redhat.com/show_bug.cgi?id=884354

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032