CVE-2011-1487
CVE-2011-1487
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/35554unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://openwall.com/lists/oss-security/2011/04/01/3http://openwall.com/lists/oss-security/2011/04/04/35http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336https://bugzilla.redhat.com/show_bug.cgi?id=692844https://bugzilla.redhat.com/show_bug.cgi?id=692898http://secunia.com/advisories/43921http://secunia.com/advisories/44168https://exchange.xforce.ibmcloud.com/vulnerabilities/66528