Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0761 to the following vulnerability: Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0761 [2] http://www.securityfocus.com/archive/1/archive/1/517916/100/0/threaded [3] http://www.toucan-system.com/advisories/tssa-2011-03.txt [4] http://www.securityfocus.com/bid/47766 [5] http://securitytracker.com/id?1025507 [6] http://xforce.iss.net/xforce/xfdb/67355
Public PoC from [3]: ==================== #!/usr/bin/perl $a = getsockname(9505,4590,"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAA",17792);
This issue did NOT affect the versions of the perl package, as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the version of the perl package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the version of the perl package, as shipped with Fedora release of 13. This issue did NOT affect the version of the perl package, as shipped with Fedora release of 14.
Created perl tracking bugs for this issue Affects: fedora-13 [bug 705003]
Statement: Red Hat does not consider this problem to be a security issue. Input passed to these functions should be under the full control of the script author, therefore no trust boundary is crossed.
Upstream mailing list reaction: http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2011-06/msg00027.html regarding classification of this issue as a security flaw.