thr3ads.net - Secure testing team - [Secure-testing-team] Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc [Apr 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Dominic Hargreaves

2011-Apr-14 20:45 UTC

[Secure-testing-team] Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

Package: perl
Version: 5.10.1-19
Severity: grave
Tags: security
Justification: user security hole

CVE description:

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl
5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11,
do not apply the taint attribute to the return value upon processing
tainted input, which might allow context-dependent attackers to bypass
the taint protection mechanism via a crafted string. 

Upstream report: <http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336>
Redhat bug: <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1487>
Fix from bleadperl:
<http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99>
Fedora fix in 5.12: <https://bugzilla.redhat.com/show_bug.cgi?id=692900>

Secure testing team - Apr 2011 - Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

[Secure-testing-team] Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc