A security flaw was found in the way Perl performed laundering of tainted data. A remote attacker could use this flaw to bypass Perl TAINT mode protection mechanism (leading to commands execution on dirty arguments or file system access via contaminated variables) via specially-crafted input provided to the web application / CGI script. Upstream bug report: http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 Relevant patch: http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99 References: [1] https://bugzilla.redhat.com/show_bug.cgi?id=692844
*** Bug 692844 has been marked as a duplicate of this bug. ***
This issue did NOT affect the versions of the perl package, as shipped with Red Hat Enterprise Linux 4 and 5. -- This issue affects the version of the perl package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the perl package, as shipped with Fedora release of 13 and 14. Please schedule an update.
Public PoC from [1]: $ perl -Te 'use Scalar::Util qw(tainted); printf("%d %d %d\n", tainted($0), tainted(lc($0)), tainted(uc($0)));' 1 0 0 CVE Request: [2] http://www.openwall.com/lists/oss-security/2011/04/01/3
Created perl tracking bugs for this issue Affects: fedora-all [bug 692900]
This issue was given the name CVE-2011-1487: http://www.openwall.com/lists/oss-security/2011/04/04/35
Statement: The Red Hat Security Response Team has rated this issue as having low security impact, and it did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4 and 5. A future update in Red Hat Enterprise Linux 6 may address this flaw.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0558 https://rhn.redhat.com/errata/RHSA-2011-0558.html