Details of VAR-200711-0540

ID

VAR-200711-0540

CVE

CVE-2007-5116

TITLE

Perl Buffer Overflow Vulnerability in Regular Expression Engine

Trust: 0.8

sources: JVNDB: JVNDB-2007-000796

DESCRIPTION

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input. This facilitates the remote compromise of affected computers. Perl 5.8 is vulnerable to this issue; other versions may also be affected. An error in the way Perl's regular expression engine calculates the space required to process regular expressions could allow a local attacker to elevate privileges. =========================================================== Ubuntu Security Notice USN-552-1 December 04, 2007 perl vulnerability CVE-2007-5116 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libperl5.8 5.8.7-10ubuntu1.1 Ubuntu 6.10: libperl5.8 5.8.8-6ubuntu0.1 Ubuntu 7.04: libperl5.8 5.8.8-7ubuntu0.1 Ubuntu 7.10: libperl5.8 5.8.8-7ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1.diff.gz Size/MD5: 165472 98da6197bbc7b042806866f19809a8b5 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1.dsc Size/MD5: 737 a90e131231bab24114d318e852fbc451 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7.orig.tar.gz Size/MD5: 12512211 dacefa1fe3c5b6d7bbc334ad94826131 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.7-10ubuntu1.1_all.deb Size/MD5: 7207544 8a96f50ff5738a2fafd7beb74a02f435 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.7-10ubuntu1.1_all.deb Size/MD5: 2325742 021c622fda16904921dfcf02a6aa96c4 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.7-10ubuntu1.1_all.deb Size/MD5: 40008 bd31ddd280da57be85e00c7c19d1f457 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-10ubuntu1.1_amd64.deb Size/MD5: 640850 9d0719b4779da8f93fedfb0eb654132b http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-10ubuntu1.1_amd64.deb Size/MD5: 1012 9c697f9e42f949736cf725e9c2774371 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-10ubuntu1.1_amd64.deb Size/MD5: 820628 080304d81ce38cc91246c8c2b7ee891f http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-10ubuntu1.1_amd64.deb Size/MD5: 31478 dc27f9788ff01fd5097976ee75626e61 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1_amd64.deb Size/MD5: 3978354 6d79ae2514a3ec9f152d0de125531192 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-10ubuntu1.1_amd64.deb Size/MD5: 2639400 2532bbf9f7ec861e7722d5cc1bef9836 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-10ubuntu1.1_i386.deb Size/MD5: 559856 9ca996d88c16acb2a19eb6f80e3a68f4 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-10ubuntu1.1_i386.deb Size/MD5: 505890 501159b17800e56a2824b06aca598460 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-10ubuntu1.1_i386.deb Size/MD5: 737866 d3ca5af34f45f36979e644cb5e94cbb9 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-10ubuntu1.1_i386.deb Size/MD5: 28974 c4eade3cf3be3b813bcbd7af7841b146 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1_i386.deb Size/MD5: 3296740 7e67c35913fd8046a75434e401130497 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-10ubuntu1.1_i386.deb Size/MD5: 2404442 0138415fc08635142fb0985f30997655 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-10ubuntu1.1_powerpc.deb Size/MD5: 656338 6201cd747c040ba44701ed056c9760c0 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-10ubuntu1.1_powerpc.deb Size/MD5: 1014 fecb67e1721ab983e3fb1a69eb610672 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-10ubuntu1.1_powerpc.deb Size/MD5: 815514 2799cd895e4681ed7f194039368e1dae http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-10ubuntu1.1_powerpc.deb Size/MD5: 32042 808c4cdcc9db259a87224bbe75394c96 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1_powerpc.deb Size/MD5: 3656072 73cdf23c1e5fbda52f4936bb6d52fc9a http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-10ubuntu1.1_powerpc.deb Size/MD5: 2594308 f6585376f877b9838bb62bd09002de49 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-10ubuntu1.1_sparc.deb Size/MD5: 599300 d4011b7ac37b77c53901f676a623cd0f http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-10ubuntu1.1_sparc.deb Size/MD5: 1008 caf72f034baf309d4a9269d45148325d http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-10ubuntu1.1_sparc.deb Size/MD5: 790400 23a9e4c89ad2fe168ccc2391a89e463d http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-10ubuntu1.1_sparc.deb Size/MD5: 30114 a53a3f41de69344ec741d46220e3ad7e http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1_sparc.deb Size/MD5: 3581290 7be78922d29146a99fb5a3f7dec3790e http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-10ubuntu1.1_sparc.deb Size/MD5: 2485596 02c9351609686d699573508e64fa2db0 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1.diff.gz Size/MD5: 88034 e7b46f9bc884e567164e379ab26e9650 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1.dsc Size/MD5: 749 910ebb281f9ea452ae0857c8314d1cfd http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8.orig.tar.gz Size/MD5: 12829188 b8c118d4360846829beb30b02a6b91a7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-6ubuntu0.1_all.deb Size/MD5: 7352010 b99926050f3b94b3e48860f70f740aa3 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-6ubuntu0.1_all.deb Size/MD5: 2309166 9d0fd2d1e39918d3dc0b1aab4c94fef1 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-6ubuntu0.1_all.deb Size/MD5: 40398 22b82469393909ff8696fb66c5cd3a53 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-6ubuntu0.1_amd64.deb Size/MD5: 633844 d731f8b5c5e72a8f901b8e5f1ff9c969 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-6ubuntu0.1_amd64.deb Size/MD5: 1060 3f823954c678b8ec7cdbfa162769c5a2 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-6ubuntu0.1_amd64.deb Size/MD5: 809976 4b9d37a405a280fecd1f66de779bb3ff http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-6ubuntu0.1_amd64.deb Size/MD5: 2740032 0f8417f96f652753f1ba80248cf00b22 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-6ubuntu0.1_amd64.deb Size/MD5: 33032 2f89afbc96c250918bc1ca19d91e1adb http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1_amd64.deb Size/MD5: 4047288 5732ea8ac056e8b84eae8aacff85e39f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-6ubuntu0.1_i386.deb Size/MD5: 576166 39f1f4597d70b448edabcf55ae025d31 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-6ubuntu0.1_i386.deb Size/MD5: 521498 35f0badd87f6ea95677671a923c0bd9b http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-6ubuntu0.1_i386.deb Size/MD5: 751416 fec47b71b9705f139a119e758522650c http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-6ubuntu0.1_i386.deb Size/MD5: 2507638 631968cae57f3b647ee7a2cbf6c1c326 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-6ubuntu0.1_i386.deb Size/MD5: 31446 697584fbffbdb407f414688b5e65de2e http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1_i386.deb Size/MD5: 3375590 d60160cc0c6f0f02d7001c2b5b6c0eda powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-6ubuntu0.1_powerpc.deb Size/MD5: 655630 54ed7f131777c37840a07d45449abbed http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-6ubuntu0.1_powerpc.deb Size/MD5: 1058 c7d4ed077dc5f47813cf9651832c4139 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-6ubuntu0.1_powerpc.deb Size/MD5: 811264 dbfa0db2d5addbef8999a7ca635f76c9 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-6ubuntu0.1_powerpc.deb Size/MD5: 2704838 d58cadf730c133612a2b715a6d1ba76b http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-6ubuntu0.1_powerpc.deb Size/MD5: 33034 cb872bf5e3e82f2fadd68531744fce74 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1_powerpc.deb Size/MD5: 3734780 89ad67a21fad9c6ad706ef4528ab244b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-6ubuntu0.1_sparc.deb Size/MD5: 596308 ba0fd9953be95186e73fc0182e8bc638 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-6ubuntu0.1_sparc.deb Size/MD5: 1058 249e2f0416e9dda9b89b200fc0307abf http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-6ubuntu0.1_sparc.deb Size/MD5: 785358 57c0b81325a4178a03c5459f3764892c http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-6ubuntu0.1_sparc.deb Size/MD5: 2580646 a6bc6816614b1498813f73c64f6fcee5 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-6ubuntu0.1_sparc.deb Size/MD5: 31238 30dac6d5bc7e52ca86bf31b63d2b4bdc http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1_sparc.deb Size/MD5: 3675336 12fa93853d4b4aec097c5bf94280fdb5 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1.diff.gz Size/MD5: 93072 d7601147dea2f84164094cb5f465468f http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1.dsc Size/MD5: 833 dc5eec23d30c9c2949d7f8db63853b1e http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8.orig.tar.gz Size/MD5: 12829188 b8c118d4360846829beb30b02a6b91a7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-7ubuntu0.1_all.deb Size/MD5: 7352222 e55e069d2f8000557b7b5b2aa0a1adcb http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-7ubuntu0.1_all.deb Size/MD5: 2309560 dd6bed420c639b12e8d87e1e1c17761f http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-7ubuntu0.1_all.deb Size/MD5: 40926 c175bc89fb6e7ab0a09b42a256dffc92 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu0.1_amd64.deb Size/MD5: 633990 6f659d15fd70053cadabb6eb4a62af97 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu0.1_amd64.deb Size/MD5: 1054 9bce50cfb434976acdf5fde560b20488 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu0.1_amd64.deb Size/MD5: 825078 097d8f4a1122478d3757e806ce87aa52 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu0.1_amd64.deb Size/MD5: 2751476 6f3d9b0d94b648240948c67cda43f5ea http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu0.1_amd64.deb Size/MD5: 33584 d9a3ef3ef1fe338c5d8d4b8becd90e54 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1_amd64.deb Size/MD5: 4053672 6d4e46bffe916b65f60ad22646ffe04f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu0.1_i386.deb Size/MD5: 575736 4e8b9308d46c94245aa425d5d748310b http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu0.1_i386.deb Size/MD5: 533092 0e51d08b389b40e4de7ba387d1e84ec6 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu0.1_i386.deb Size/MD5: 764366 95193d01ace6a4e14a1def19b3f30545 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu0.1_i386.deb Size/MD5: 2519080 f2d8e651e6a675a98f86f65646ce39e1 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu0.1_i386.deb Size/MD5: 31944 8c6a5688d5f2aff2af6a3720f493a171 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1_i386.deb Size/MD5: 3387948 69d6eaa7c204c6fe7f64b654cf152894 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu0.1_powerpc.deb Size/MD5: 655158 5353abcd2b8cc6984e62af1560c23553 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu0.1_powerpc.deb Size/MD5: 1058 f4de2f8f93bc1b1b2b254165c145ee3b http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu0.1_powerpc.deb Size/MD5: 854058 a17efcd900e80cee096b1ad7d01b0f46 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu0.1_powerpc.deb Size/MD5: 2721466 1412c01799559dd3d78e82c74a916996 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu0.1_powerpc.deb Size/MD5: 37020 96638207a58488a7be3b5736020fa9fe http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1_powerpc.deb Size/MD5: 3769700 da74c33814b0565f4f073b00cecea400 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu0.1_sparc.deb Size/MD5: 596338 0cd6d0e9704cd7ee3b3dd9e33f9d3396 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu0.1_sparc.deb Size/MD5: 1058 84c48fa4edef5274c8d9d4c55fe3b52a http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu0.1_sparc.deb Size/MD5: 798438 69eb63699dea95c17df557ccd44564ca http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu0.1_sparc.deb Size/MD5: 2592862 98850ef36922fa444fd0502afba43bd7 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu0.1_sparc.deb Size/MD5: 33070 d22c4f74172c4adba2697abf5c73c68e http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1_sparc.deb Size/MD5: 3682418 60c99f0e4ccc43f85c79938a96ee0455 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1.diff.gz Size/MD5: 93377 1e4ec9cfc65220001f38e66bc4f56f9e http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1.dsc Size/MD5: 833 4f3fbac268e294b885eae342164b3689 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8.orig.tar.gz Size/MD5: 12829188 b8c118d4360846829beb30b02a6b91a7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-7ubuntu3.1_all.deb Size/MD5: 7352108 e5eb23ee5b3aa0cdc9695a16d6806dce http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-7ubuntu3.1_all.deb Size/MD5: 2309548 a3e19bb488e5abdd25bb6dbfcfc41f01 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-7ubuntu3.1_all.deb Size/MD5: 41112 015a3cd3f858159ca6e8f59d9f24a4ea amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.1_amd64.deb Size/MD5: 636102 f074f93f1d6f20b5b4fd3a87681fcc6d http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.1_amd64.deb Size/MD5: 1058 a08f769b54183fa2e1ad5209df65b4fa http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.1_amd64.deb Size/MD5: 826274 dded240edee784d66b32d15a42e21420 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.1_amd64.deb Size/MD5: 2758908 030cca99de6221176f6f1b30b2730761 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.1_amd64.deb Size/MD5: 33638 0fb9c0f1f5a4ec9be1a8fa5b153f3a31 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1_amd64.deb Size/MD5: 4054576 ed997ee6c2d500d6edc6cbc0044ce6be i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.1_i386.deb Size/MD5: 576402 9a43f0153732f1c9da78dd888a679e08 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.1_i386.deb Size/MD5: 533380 1bb3c67a2d586ef3eaefb41be94ab729 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.1_i386.deb Size/MD5: 765194 3e7418191776393366a27650158850f8 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.1_i386.deb Size/MD5: 2522478 f8720540f22cf8cf7f09b3456b327cae http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.1_i386.deb Size/MD5: 31910 f109f1280eb2d49cd1c1ce6a0ca1f0be http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1_i386.deb Size/MD5: 3386812 7d0627fd447f7304f09cf1f97fd9a60d powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.1_powerpc.deb Size/MD5: 655908 8938912ff5b287ecf0cc03346c34bbb1 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.1_powerpc.deb Size/MD5: 1064 798ce70342c8d3604f23f5752866ea81 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.1_powerpc.deb Size/MD5: 854220 c486169333316db7439e1095b1cce637 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.1_powerpc.deb Size/MD5: 2724854 bdcd88d30efe2b485b35250c5c3ee797 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.1_powerpc.deb Size/MD5: 37026 a83324fe5b2179fd06f06bd68d349f25 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1_powerpc.deb Size/MD5: 3768652 1a31197fa79647a63ea3ae553353a857 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.1_sparc.deb Size/MD5: 596948 2d898e93ec93bec4f77d7d88601fab96 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.1_sparc.deb Size/MD5: 1060 3d3ecf3c4b079230a7232667d86df061 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.1_sparc.deb Size/MD5: 799330 db0cf8569787563788f4b4299f3a24c3 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.1_sparc.deb Size/MD5: 2594250 4d26ef4c14fa16e0cd5b94a75596590d http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.1_sparc.deb Size/MD5: 33122 264999f3199971dc1cf0aca911c3b1ea http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1_sparc.deb Size/MD5: 3684732 497152ef28c663d150b4d1d564a1b068 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities Date: December 12, 2014 Bugs: #196865, #335508, #483632, #508322 ID: 201412-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Background ========== AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/emul-linux-x86-baselibs < 20140406-r1 >= 20140406-r1 Description =========== Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All users of the AMD64 x86 emulation base libraries should upgrade to the latest version: # emerge --sync # emerge -1av ">=app-emulation/emul-linux-x86-baselibs-20140406-r1" NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them. References ========== [ 1 ] CVE-2007-0720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720 [ 2 ] CVE-2007-1536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536 [ 3 ] CVE-2007-2026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026 [ 4 ] CVE-2007-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445 [ 5 ] CVE-2007-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741 [ 6 ] CVE-2007-3108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108 [ 7 ] CVE-2007-4995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995 [ 8 ] CVE-2007-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116 [ 9 ] CVE-2007-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 [ 10 ] CVE-2007-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266 [ 11 ] CVE-2007-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268 [ 12 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 13 ] CVE-2007-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849 [ 14 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 15 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338 [ 16 ] CVE-2013-0339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339 [ 17 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664 [ 18 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969 [ 19 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 20 ] CVE-2014-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0001 Synopsis: Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages Issue date: 2008-01-07 Updated on: 2008-01-07 CVE numbers: CVE-2007-5360 CVE-2007-5398 CVE-2007-4572 CVE-2007-5191 CVE-2007-5116 CVE-2007-3108 CVE-2007-5135 - ------------------------------------------------------------------- 1. Summary: Updated service console patches 2. Relevant releases: ESX Server 3.0.2 without patches ESX-1002969, ESX-1002970, ESX-1002971, ESX-1002975, ESX-1002976 ESX Server 3.0.1 without patches ESX-1002962, ESX-1002963, ESX-1002964, ESX-1002968, ESX-1002972, ESX-1003176 3. Problem description: I OpenPegasus PAM Authentication Buffer Overflow Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. This flaw could be exploited by a malicious remote user on the service console network to gain root access to the service console. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5360 to this issue. RPM Updated: pegasus-2.5-552927 VM Shutdown: No Host Reboot: No Note: ESX Server 3.5 and ESX Server 3i are not affected by this issue. ESX Server 3.0.2 http://download3.vmware.com/software/vi/ESX-1002970.tgz md5sum: d19115e965d486e72100ce489efea707 http://kb.vmware.com/kb/1002970 ESX Server 3.0.1 http://download3.vmware.com/software/vi/ESX-1003176.tgz md5sum: 5674ca0dcfac90726014cc316444996e http://kb.vmware.com/kb/1003176 ESX Server 2.5.x Users should remove the OpenPegasus CIM Management rpm. This component is disabled by default, and VMware recommends that you do not use this component of ESX Server 2.x. If you want to use the CIM functionality, upgrade to ESX Server 3.0.1 or a later release. Note: This vulnerability can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. II Service Console package security updates a. Updated Samba package An issue where attackers on the service console management network can cause a stack-based buffer overflow in the reply_netbios_packet function of nmbd in Samba. On systems where Samba is being used as a WINS server, exploiting this vulnerability can allow remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. An issue where attackers on the service console management network can exploit a vulnerability that occurs when Samba is configured as a Primary or Backup Domain controller. The vulnerability allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5398 and CVE-2007-4572 to these issues. Note: By default Samba is not configured as a WINS server or a domain controller and ESX is not vulnerable unless the administrator has changed the default configuration. This vulnerability can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. RPM Updated: samba-3.0.9-1.3E.14.1vmw samba-client-3.0.9-1.3E.14.1vmw samba-common-3.0.9-1.3E.14.1vmw VM Shutdown: Yes Host Reboot: Yes ESX Server 3.5.0 is not affected by this issue ESX Server 3.0.2 http://download3.vmware.com/software/vi/ESX-1002975.tgz md5sum: 797a7494c2c4eb49629d3f94818df5dd http://kb.vmware.com/kb/1002975 ESX Server 3.0.1 http://download3.vmware.com/software/vi/ESX-1002968.tgz md5sum: 5106d90afaf77c3a0d8433487f937d06 http://kb.vmware.com/kb/1002968 ESX Server 2.5.5 download Upgrade Patch 3 ESX Server 2.5.4 download Upgrade Patch 14 b. Updated util-linux package The patch addresses an issue where the mount and umount utilities in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which could allow attackers to gain elevated privileges via helper application such as mount.nfs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5191 to this issue. RPM Updated: util-linux-2.11y-31.24vmw losetup-2.11y-31.24vmw mount -2.11y-31.24vmw VM Shutdown: Yes Host Reboot: Yes ESX Server 3.0.2 http://download3.vmware.com/software/vi/ESX-1002976.tgz md5sum: 0fe833c50c0ecb0ff9340d6674be2e43 http://kb.vmware.com/kb/1002976 ESX Server 3.0.1 http://download3.vmware.com/software/vi/ESX-1002972.tgz md5sum: 59ca4a43f330c5f0b7a55693aa952cdc http://kb.vmware.com/kb/1002972 c. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5116 to this issue. RPM Updated: perl-5.8.0-97.EL3 VM Shutdown: Yes Host Reboot: Yes ESX Server 3.0.2 http://download3.vmware.com/software/vi/ESX-1002971.tgz md5sum: 337b09d9ae4b1694a045e216b69765e1 http://kb.vmware.com/kb/1002971 ESX Server 3.0.1 http://download3.vmware.com/software/vi/ESX-1002964.tgz md5sum: d47e26104bfd5e4018ae645638c94487 http://kb.vmware.com/kb/1002964 d. Updated OpenSSL package A flaw in the SSL_get_shared_ciphers() function can allow an attacker to cause a buffer overflow problem by sending ciphers to applications that use the function. A possible vulnerability that would allow a local attacker to obtain private RSA keys being used on a system using the OpenSSL package. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3108, and CVE-2007-5135 to these issues. RPM Updated: openssl-0.9.7a-33.24 VM Shutdown: Yes Host Reboot: Yes ESX Server 3.0.2 http://download3.vmware.com/software/vi/ESX-1002969.tgz md5sum: 72fd28a9f9380158db149259fbdcaa3b http://kb.vmware.com/kb/1002969 ESX Server 3.0.1 http://download3.vmware.com/software/vi/ESX-1002962.tgz md5sum: a0727bdc2e1a6f00d5fe77430a6ee9d6 http://kb.vmware.com/kb/1002962 ESX Server 2.5.5 download Upgrade Patch 3 ESX Server 2.5.4 download Upgrade Patch 14 4. Solution: Please review the Patch notes for your product and version and verify the md5sum of your downloaded file. ESX Server 3.x Patches: http://www.vmware.com/download/vi/vi3_patches.html ESX Server 2.x Patches: http://www.vmware.com/download/esx/esx2_patches.html ESX Server 2.5.5 Upgrade Patch 3 http://download3.vmware.com/software/esx/esx-2.5.5-65742-upgrade.tar.gz md5sum: 9068250fdd604e8787ef40995a4638f9 http://www.vmware.com/support/esx25/doc/esx-255-200712-patch.html ESX Server 2.5.4 Upgrade Patch 14 http://download3.vmware.com/software/esx/esx-2.5.4-65752-upgrade.tar.gz md5sum: 24990b9207f882ccc91545b6fc90273d http://www.vmware.com/support/esx25/doc/esx-254-200712-patch.html 5. References: CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 - ------------------------------------------------------------------- 6. Contact: E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce@lists.vmware.com * bugtraq@securityfocus.com * full-disclosure@lists.grok.org.uk E-mail: security@vmware.com Security web site http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHgtXJS2KysvBH1xkRCPnYAJoDMpdOmgs4e+JQ610SCjnKF99wpgCfcVO3 UCcAvs574f1LCZv+8lPQvrk= =Hzno -----END PGP SIGNATURE----- . Updated packages have been patched to prevent these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 7dee97092269465ccb5de0f35321ab13 2007.0/i586/perl-5.8.8-7.1mdv2007.0.i586.rpm efd626e1f1efd248e6c6570e88a599c3 2007.0/i586/perl-base-5.8.8-7.1mdv2007.0.i586.rpm 62b10d28a5abc05d3b8cd35c7f68e8aa 2007.0/i586/perl-devel-5.8.8-7.1mdv2007.0.i586.rpm 3a9dc19143ab6a27713fdeb6665d8d76 2007.0/i586/perl-doc-5.8.8-7.1mdv2007.0.i586.rpm 60b511580ae4f514434dd111efa42872 2007.0/i586/perl-suid-5.8.8-7.1mdv2007.0.i586.rpm 08e44392992b4ab983bf85debb8be462 2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: be33f079454aec3b88f21716dfacf8d6 2007.0/x86_64/perl-5.8.8-7.1mdv2007.0.x86_64.rpm 5a82850218434119c3f55047b3068213 2007.0/x86_64/perl-base-5.8.8-7.1mdv2007.0.x86_64.rpm 4f995ed4fa46f2bf79a427d9341e895b 2007.0/x86_64/perl-devel-5.8.8-7.1mdv2007.0.x86_64.rpm e949a7e20661c6c5f4c4511f25196ff6 2007.0/x86_64/perl-doc-5.8.8-7.1mdv2007.0.x86_64.rpm a3df44cc0b957b02bfcab3eed98542dd 2007.0/x86_64/perl-suid-5.8.8-7.1mdv2007.0.x86_64.rpm 08e44392992b4ab983bf85debb8be462 2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm Mandriva Linux 2007.1: efb800025ab3001b90af0e16e5a49886 2007.1/i586/perl-5.8.8-10.1mdv2007.1.i586.rpm 515beec177dd5a0418090016ae357274 2007.1/i586/perl-base-5.8.8-10.1mdv2007.1.i586.rpm ae79195a6f27e44fd4ff7899497cf948 2007.1/i586/perl-devel-5.8.8-10.1mdv2007.1.i586.rpm f721306e820d4c66db3466917cde67f9 2007.1/i586/perl-doc-5.8.8-10.1mdv2007.1.i586.rpm 85a219e5b2c3788841024be8d81b2cac 2007.1/i586/perl-suid-5.8.8-10.1mdv2007.1.i586.rpm 9b22a92ec4a3dc898a12bbb80ada4de2 2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 1a17302f843293a5dc0063fe3e4549c0 2007.1/x86_64/perl-5.8.8-10.1mdv2007.1.x86_64.rpm c85ba481d517ec81c54eea5bc7064405 2007.1/x86_64/perl-base-5.8.8-10.1mdv2007.1.x86_64.rpm 5d3b84a1444339a83058bc3493506d22 2007.1/x86_64/perl-devel-5.8.8-10.1mdv2007.1.x86_64.rpm 005d395a8717bd5af248820eb01cc1d8 2007.1/x86_64/perl-doc-5.8.8-10.1mdv2007.1.x86_64.rpm f6c966ea032f921f033934d1f894b96b 2007.1/x86_64/perl-suid-5.8.8-10.1mdv2007.1.x86_64.rpm 9b22a92ec4a3dc898a12bbb80ada4de2 2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm Mandriva Linux 2008.0: 6e84010549818c839e91034391b79f4f 2008.0/i586/perl-5.8.8-12.1mdv2008.0.i586.rpm f09541f2caf348aee64161cecdf7276e 2008.0/i586/perl-base-5.8.8-12.1mdv2008.0.i586.rpm dce7ae7aba1d356fd366075b67478493 2008.0/i586/perl-devel-5.8.8-12.1mdv2008.0.i586.rpm b3169afea74fd707021d03410172b6c0 2008.0/i586/perl-doc-5.8.8-12.1mdv2008.0.i586.rpm 78585fde0ad5b02f3e7c0f01d31a1ccf 2008.0/i586/perl-suid-5.8.8-12.1mdv2008.0.i586.rpm 584ad050342c7136e161fc48d29398bf 2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 6ee9071cb1b0a6f38e731b1cd9a421e7 2008.0/x86_64/perl-5.8.8-12.1mdv2008.0.x86_64.rpm d7bd85fb101d94bf1dc84bcf817533d7 2008.0/x86_64/perl-base-5.8.8-12.1mdv2008.0.x86_64.rpm 031487e27d7f2a12003efe8ab714a096 2008.0/x86_64/perl-devel-5.8.8-12.1mdv2008.0.x86_64.rpm 3c1846b134cbd1461ffd291a95f6e2d2 2008.0/x86_64/perl-doc-5.8.8-12.1mdv2008.0.x86_64.rpm 99f545fefe35f45b5d90d2f98fe14da5 2008.0/x86_64/perl-suid-5.8.8-12.1mdv2008.0.x86_64.rpm 584ad050342c7136e161fc48d29398bf 2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm Corporate 3.0: 9388a0766403e1accc6afc3d963960ba corporate/3.0/i586/perl-5.8.3-5.6.C30mdk.i586.rpm a67623fb7d2e4e18ca8976c64e43a4ca corporate/3.0/i586/perl-base-5.8.3-5.6.C30mdk.i586.rpm 9068ad50c3e10c29940bb071651a8d4d corporate/3.0/i586/perl-devel-5.8.3-5.6.C30mdk.i586.rpm a8a2e1b1963c212e4644c320f27c71d3 corporate/3.0/i586/perl-doc-5.8.3-5.6.C30mdk.i586.rpm 15b73b73ea6dd0de1100e1445690c034 corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm Corporate 3.0/X86_64: f2f7445b49d5d7afa7b3766d71bdf65f corporate/3.0/x86_64/perl-5.8.3-5.6.C30mdk.x86_64.rpm ef5dabb99fdbe28068089eba1fd8bcc4 corporate/3.0/x86_64/perl-base-5.8.3-5.6.C30mdk.x86_64.rpm 4a5a04a330db20f460229aa69ded5e95 corporate/3.0/x86_64/perl-devel-5.8.3-5.6.C30mdk.x86_64.rpm 2bc06d931706f57fa946822f9396ffd6 corporate/3.0/x86_64/perl-doc-5.8.3-5.6.C30mdk.x86_64.rpm 15b73b73ea6dd0de1100e1445690c034 corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm Corporate 4.0: e158109794ad5e71bc02f41adec150e1 corporate/4.0/i586/perl-5.8.7-3.3.20060mlcs4.i586.rpm 03c680726cf01c3d8f25cb7d61d7bb10 corporate/4.0/i586/perl-base-5.8.7-3.3.20060mlcs4.i586.rpm 51f55a3998dbcf2e9abcf821ffb3026f corporate/4.0/i586/perl-devel-5.8.7-3.3.20060mlcs4.i586.rpm f936e8720be0d37223b8a97dc2ed2704 corporate/4.0/i586/perl-doc-5.8.7-3.3.20060mlcs4.i586.rpm b4068ddb2d92f4845c29a6b3ca8feef5 corporate/4.0/i586/perl-suid-5.8.7-3.3.20060mlcs4.i586.rpm 3b23f4612d0a011d50c5eb6960ffa5c4 corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: c42250a8c42a0e349102ff977c6659cc corporate/4.0/x86_64/perl-5.8.7-3.3.20060mlcs4.x86_64.rpm 82d2bcbda0229415464c10471f881517 corporate/4.0/x86_64/perl-base-5.8.7-3.3.20060mlcs4.x86_64.rpm 7f07eddd92d4c49b3ee5c32c69d52996 corporate/4.0/x86_64/perl-devel-5.8.7-3.3.20060mlcs4.x86_64.rpm 140b57c79fc305a52e13ce5550e7d05c corporate/4.0/x86_64/perl-doc-5.8.7-3.3.20060mlcs4.x86_64.rpm ec3007ca202716e0c3872c37141fc2cc corporate/4.0/x86_64/perl-suid-5.8.7-3.3.20060mlcs4.x86_64.rpm 3b23f4612d0a011d50c5eb6960ffa5c4 corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm Multi Network Firewall 2.0: 8ea5d389e9ddd9ca2e1b78869ad14ca7 mnf/2.0/i586/perl-5.8.3-5.6.M20mdk.i586.rpm f53bd974980010568e5153578d628323 mnf/2.0/i586/perl-base-5.8.3-5.6.M20mdk.i586.rpm 1335c295512b38ea524e201c66551132 mnf/2.0/i586/perl-devel-5.8.3-5.6.M20mdk.i586.rpm 8e306b59ecbb8583d5c1e4e74ef62e34 mnf/2.0/i586/perl-doc-5.8.3-5.6.M20mdk.i586.rpm 7576ea8ec817978b4602f5bf4c3436c5 mnf/2.0/SRPMS/perl-5.8.3-5.6.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHL9FBmqjQ0CJFipgRAhxaAJ44oWRrf/Q1Zj9q+HP4Y3pj9Y8XugCg398H Rl9c0TwvCe/HjAyI42+NhlU= =o1R+ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Background ========== Perl is a stable, cross-platform programming language created by Larry Wall. b. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01362465 Version: 1 HPSBTU02311 SSRT080001 rev.1 - HP Tru64 UNIX running Perl, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-02-19 Last Updated: 2008-02-19 Potential Security Impact: Execution of Arbitrary Code Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified in Perl 5.8.7 and earlier running on HP Tru64 UNIX. References: CVE-2007-5116 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Tru64 UNIX v 5.1B-4 HP Tru64 UNIX v 5.1B-3 Internet Express (IX) for HP Tru64 UNIX v 6.7 BACKGROUND CVSS 2.0 Base Metrics Reference Base Vector Base Score CVE-2007-5116 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. RESOLUTION HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer until updates are available in mainstream release patch kits. The resolutions contained in the ERP kits are targeted for availability in the following mainstream kits: The Associated Products CD (APCD) associated with HP Tru64 UNIX v 5.1B-5 Internet Express (IX) for HP Tru64 UNIX v 6.8 The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs. The ERP kits distribute the following items: Patched version of Perl v 5.8.8 including source code HP Tru64 UNIX Version v5.1B-4 PREREQUISITE: HP Tru64 UNIX v5.1B-4 PK6 (BL27) Name: perl_V51BB27-ES-20080207 Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=perl_V51BB27-ES-20080207 HP Tru64 UNIX Version v5.1B-3 PREREQUISITE: HP Tru64 UNIX v5.1B-3 PK5 (BL26) Name: perl_V51BB26-ES-20080204 Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001399-V51BB26-ES-20071207 Internet Express (IX) for HP Tru64 UNIX v 6.7 PREREQUISITE: HP Tru64 UNIX v5.1B-3 PK5 (BL26) or HP Tru64 UNIX v5.1B-3 PK5 (BL26) NOTE: Use the Perl patch kit appropriate to the operating system version MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links. PRODUCT SPECIFIC INFORMATION HISTORY Version:1 (rev.1) - 19 February 2008 Initial release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2008 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Trust: 2.61

sources: NVD: CVE-2007-5116 // JVNDB: JVNDB-2007-000796 // BID: 26350 // VULHUB: VHN-28478 // PACKETSTORM: 61507 // PACKETSTORM: 129524 // PACKETSTORM: 62401 // PACKETSTORM: 60703 // PACKETSTORM: 61151 // PACKETSTORM: 62911 // PACKETSTORM: 63867

AFFECTED PRODUCTS

vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 1.1
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 1.1
vendor:	ibm	model:	aix	scope:	eq	version:	5.2	Trust: 1.1
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.4	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.4.2	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.4.2.3	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.0	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.4.3	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake multi network firewall	scope:	eq	version:	2.0	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.4.1	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.4.5	Trust: 1.0
vendor:	openpkg	model:	openpkg	scope:	eq	version:	current	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	1.0	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.1	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.4.4	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.6	Trust: 1.0
vendor:	larry wall	model:	perl	scope:	eq	version:	5.8.3	Trust: 1.0
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (es)	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.1	Trust: 0.8
vendor:	red hat	model:	application stack	scope:	eq	version:	v1 for enterprise linux es (v.4)	Trust: 0.8
vendor:	the perl	model:	perl	scope:	eq	version:	5.8.8	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0 (x86-64)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	red hat	model:	application stack	scope:	eq	version:	v1 for enterprise linux as (v.4)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (x86)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0 (x86-64)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	4.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	3.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86-64)	Trust: 0.8
vendor:	the perl	model:	perl	scope:	lt	version:	version	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86)	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	5.0 (client)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.1	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (sparc)	Trust: 0.8
vendor:	mandrakesoft	model:	mandrake linux corporate server	scope:	eq	version:	3.0	Trust: 0.6
vendor:	mandrakesoft	model:	mandrake linux corporate server	scope:	eq	version:	4.0	Trust: 0.6
vendor:	vmware	model:	esx server	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	vmware	model:	esx server	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	7.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	7.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	7.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	7.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	8	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp1	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	sun	model:	solaris 10 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris 10 sparc	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	unitedlinux	scope:	eq	version:	1.0	Trust: 0.3
vendor:	s u s e	model:	suse linux standard server	scope:	eq	version:	8.0	Trust: 0.3
vendor:	s u s e	model:	suse linux school server for i386	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	suse linux retail solution	scope:	eq	version:	8.0	Trust: 0.3
vendor:	s u s e	model:	suse linux openexchange server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.2	Trust: 0.3
vendor:	s u s e	model:	open-enterprise-server	scope:	eq	version:	0	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.1x86-64	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.1x86	Trust: 0.3
vendor:	s u s e	model:	linux ppc	scope:	eq	version:	10.1	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.0x86-64	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.0x86	Trust: 0.3
vendor:	s u s e	model:	linux ppc	scope:	eq	version:	10.0	Trust: 0.3
vendor:	rpath	model:	linux	scope:	eq	version:	1	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	4.0	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	3.0	Trust: 0.3
vendor:	redhat	model:	certificate server	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	application stack for enterprise linux es	scope:	eq	version:	v14	Trust: 0.3
vendor:	redhat	model:	application stack for enterprise linux as	scope:	eq	version:	v14	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor	scope:	eq	version:	2.1	Trust: 0.3
vendor:	red	model:	hat fedora	scope:	eq	version:	7	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	red	model:	hat enterprise linux as	scope:	eq	version:	3	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	openpkg	model:	current	scope:	-	version:	-	Trust: 0.3
vendor:	novell	model:	linux pos	scope:	eq	version:	9	Trust: 0.3
vendor:	novell	model:	linux desktop	scope:	eq	version:	9	Trust: 0.3
vendor:	nortel	model:	networks self-service peri workstation	scope:	eq	version:	0	Trust: 0.3
vendor:	nortel	model:	networks self-service peri application	scope:	eq	version:	0	Trust: 0.3
vendor:	nortel	model:	networks self-service mps	scope:	eq	version:	10000	Trust: 0.3
vendor:	nortel	model:	networks self-service ccss7	scope:	eq	version:	-0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2008.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.7	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.6	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.5	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.4-5	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.4-4	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.4-3	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.4-2.3	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.4-2	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.4-1	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.4	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.3	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.1	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8.0-88.3	Trust: 0.3
vendor:	larry	model:	wall perl	scope:	eq	version:	5.8	Trust: 0.3
vendor:	ipcop	model:	ipcop	scope:	eq	version:	1.4.20	Trust: 0.3
vendor:	hp	model:	tru64 b-4	scope:	eq	version:	5.1	Trust: 0.3
vendor:	hp	model:	tru64 b-3	scope:	eq	version:	5.1	Trust: 0.3
vendor:	hp	model:	internet express	scope:	eq	version:	6.7	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	foresight	model:	linux foresight linux	scope:	eq	version:	1.1	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux ppc	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	3.1	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	4.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	ses	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server mm3.0	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	1.0	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	message networking mn	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	interactive response	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	3.0	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	ipcop	model:	ipcop	scope:	ne	version:	1.4.21	Trust: 0.3

sources: BID: 26350 // CNNVD: CNNVD-200711-104 // JVNDB: JVNDB-2007-000796 // NVD: CVE-2007-5116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5116
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-5116
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200711-104
value:	HIGH
Trust: 0.6
VULHUB:	VHN-28478
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-5116
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28478
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28478 // CNNVD: CNNVD-200711-104 // JVNDB: JVNDB-2007-000796 // NVD: CVE-2007-5116

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.1

sources: VULHUB: VHN-28478 // NVD: CVE-2007-5116

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 61507 // PACKETSTORM: 129524 // CNNVD: CNNVD-200711-104

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200711-104

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000796

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28478

PATCH

title:	Security Update 2007-009	url:	http://docs.info.apple.com/article.html?artnum=307179-en	Trust: 0.8
title:	Security Update 2007-009	url:	http://docs.info.apple.com/article.html?artnum=307179-ja	Trust: 0.8
title:	perl-5.8.8-10.2.1AX	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=74	Trust: 0.8
title:	perl_ifix.tar	url:	ftp://aix.software.ibm.com/aix/efixes/security/perl_ifix.tar	Trust: 0.8
title:	4170	url:	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4170	Trust: 0.8
title:	IZ10244	url:	http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244	Trust: 0.8
title:	perl (V3.0/V4.0)	url:	http://www.miraclelinux.com/support/update/list.php?errata_id=1178	Trust: 0.8
title:	RHSA-2007:1011	url:	http://rhn.redhat.com/errata/RHSA-2007-1011.html	Trust: 0.8
title:	RHSA-2007:0966	url:	https://rhn.redhat.com/errata/RHSA-2007-0966.html	Trust: 0.8
title:	231524	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1	Trust: 0.8
title:	Patch fixes buffer overflow in regexp compiler	url:	http://use.perl.org/article.pl?sid=07/11/29/1432238	Trust: 0.8
title:	Perl 5.8.9 released	url:	http://use.perl.org/articles/08/12/16/1129216.shtml	Trust: 0.8
title:	RHSA-2007:0966	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0966J.html	Trust: 0.8

sources: JVNDB: JVNDB-2007-000796

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5116	Trust: 3.5
db:	BID	id:	26350	Trust: 2.8
db:	SECUNIA	id:	27546	Trust: 2.5
db:	SECUNIA	id:	27531	Trust: 1.7
db:	SECUNIA	id:	27479	Trust: 1.7
db:	SECUNIA	id:	27515	Trust: 1.7
db:	SECUNIA	id:	28387	Trust: 1.7
db:	SECUNIA	id:	27936	Trust: 1.7
db:	SECUNIA	id:	27548	Trust: 1.7
db:	SECUNIA	id:	28167	Trust: 1.7
db:	SECUNIA	id:	28368	Trust: 1.7
db:	SECUNIA	id:	27756	Trust: 1.7
db:	SECUNIA	id:	31208	Trust: 1.7
db:	SECUNIA	id:	27570	Trust: 1.7
db:	SECUNIA	id:	27613	Trust: 1.7
db:	VUPEN	id:	ADV-2007-3724	Trust: 1.7
db:	VUPEN	id:	ADV-2007-4238	Trust: 1.7
db:	VUPEN	id:	ADV-2007-4255	Trust: 1.7
db:	SECTRACK	id:	1018899	Trust: 1.7
db:	USCERT	id:	TA07-352A	Trust: 1.7
db:	XF	id:	38270	Trust: 1.4
db:	SECUNIA	id:	29074	Trust: 1.1
db:	SECUNIA	id:	28993	Trust: 1.1
db:	VUPEN	id:	ADV-2008-0641	Trust: 1.1
db:	VUPEN	id:	ADV-2008-0064	Trust: 1.1
db:	JVNDB	id:	JVNDB-2007-000796	Trust: 0.8
db:	CONFIRM	id:	HTTP://DOCS.INFO.APPLE.COM/ARTICLE.HTML?ARTNUM=307179	Trust: 0.6
db:	CONFIRM	id:	FTP://AIX.SOFTW	Trust: 0.6
db:	AIXAPAR	id:	IZ10220	Trust: 0.6
db:	AIXAPAR	id:	IZ10244	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2007-12-17	Trust: 0.6
db:	BUGTRAQ	id:	20080123 UPDATED VMSA-2008-0001.1 MODERATE OPENPEGASUS PAM AUTHENTICATION BUFFER OVERFLOW AND UPDATED SERVICE CONSOLE PACKAGES	Trust: 0.6
db:	BUGTRAQ	id:	20080108 VMSA-2008-0001 MODERATE OPENPEGASUS PAM AUTHENTICATION BUFFER OVERFLOW AND UPDATED SERVICE CONSOLE PACKAGES	Trust: 0.6
db:	BUGTRAQ	id:	20071112 FLEA-2007-0069-1 PERL	Trust: 0.6
db:	BUGTRAQ	id:	20071110 FLEA-2007-0063-1 PERL	Trust: 0.6
db:	MANDRIVA	id:	MDKSA-2007:207	Trust: 0.6
db:	GENTOO	id:	GLSA-200711-28	Trust: 0.6
db:	DEBIAN	id:	DSA-1400	Trust: 0.6
db:	MLIST	id:	[SECURITY-ANNOUNCE] 20080107 VMSA-2008-0001 MODERATE OPENPEGASUS PAM AUTHENTICATION BUFFER OVERFLOW AND UPDATED SERVICE CONSOLE PACKAGES	Trust: 0.6
db:	REDHAT	id:	RHSA-2007:0966	Trust: 0.6
db:	REDHAT	id:	RHSA-2007:1011	Trust: 0.6
db:	SUSE	id:	SUSE-SR:2007:024	Trust: 0.6
db:	UBUNTU	id:	USN-552-1	Trust: 0.6
db:	CERT/CC	id:	TA07-352A	Trust: 0.6
db:	OPENPKG	id:	OPENPKG-SA-2007.023	Trust: 0.6
db:	CNNVD	id:	CNNVD-200711-104	Trust: 0.6
db:	PACKETSTORM	id:	61507	Trust: 0.2
db:	PACKETSTORM	id:	63867	Trust: 0.2
db:	PACKETSTORM	id:	61151	Trust: 0.2
db:	PACKETSTORM	id:	60703	Trust: 0.2
db:	PACKETSTORM	id:	60738	Trust: 0.1
db:	PACKETSTORM	id:	60792	Trust: 0.1
db:	VULHUB	id:	VHN-28478	Trust: 0.1
db:	PACKETSTORM	id:	129524	Trust: 0.1
db:	PACKETSTORM	id:	62401	Trust: 0.1
db:	PACKETSTORM	id:	62911	Trust: 0.1

sources: VULHUB: VHN-28478 // BID: 26350 // PACKETSTORM: 61507 // PACKETSTORM: 129524 // PACKETSTORM: 62401 // PACKETSTORM: 60703 // PACKETSTORM: 61151 // PACKETSTORM: 62911 // PACKETSTORM: 63867 // CNNVD: CNNVD-200711-104 // JVNDB: JVNDB-2007-000796 // NVD: CVE-2007-5116

REFERENCES

url:	http://www.securityfocus.com/bid/26350	Trust: 2.5
url:	http://secunia.com/advisories/27546	Trust: 2.5
url:	http://support.avaya.com/elmodocs2/security/asa-2008-014.htm	Trust: 2.0
url:	https://bugzilla.redhat.com/show_bug.cgi?id=323571	Trust: 2.0
url:	http://www.ipcop.org/index.php?name=news&file=article&sid=41	Trust: 1.9
url:	http://www-1.ibm.com/support/docview.wss?uid=isg1iz10220	Trust: 1.7
url:	http://www-1.ibm.com/support/docview.wss?uid=isg1iz10244	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2007/dec/msg00002.html	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta07-352a.html	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=307179	Trust: 1.7
url:	http://www.vmware.com/security/advisories/vmsa-2008-0001.html	Trust: 1.7
url:	https://issues.rpath.com/browse/rpl-1813	Trust: 1.7
url:	http://www.debian.org/security/2007/dsa-1400	Trust: 1.7
url:	http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdksa-2007:207	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=378131	Trust: 1.7
url:	http://lists.vmware.com/pipermail/security-announce/2008/000002.html	Trust: 1.7
url:	http://www.openpkg.com/security/advisories/openpkg-sa-2007.023.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2007-0966.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2007-1011.html	Trust: 1.7
url:	http://securitytracker.com/id?1018899	Trust: 1.7
url:	http://secunia.com/advisories/27479	Trust: 1.7
url:	http://secunia.com/advisories/27515	Trust: 1.7
url:	http://secunia.com/advisories/27531	Trust: 1.7
url:	http://secunia.com/advisories/27548	Trust: 1.7
url:	http://secunia.com/advisories/27570	Trust: 1.7
url:	http://secunia.com/advisories/27613	Trust: 1.7
url:	http://secunia.com/advisories/27756	Trust: 1.7
url:	http://secunia.com/advisories/27936	Trust: 1.7
url:	http://secunia.com/advisories/28167	Trust: 1.7
url:	http://secunia.com/advisories/28368	Trust: 1.7
url:	http://secunia.com/advisories/28387	Trust: 1.7
url:	http://secunia.com/advisories/31208	Trust: 1.7
url:	http://www.novell.com/linux/security/advisories/2007_24_sr.html	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-552-1	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1	Trust: 1.4
url:	http://xforce.iss.net/xforce/xfdb/38270	Trust: 1.4
url:	http://www.frsirt.com/english/advisories/2007/3724	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5116	Trust: 1.2
url:	http://www.securityfocus.com/archive/1/483563/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/483584/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/485936/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/486859/100/0/threaded	Trust: 1.1
url:	ftp://aix.software.ibm.com/aix/efixes/security/readme	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10669	Trust: 1.1
url:	http://secunia.com/advisories/28993	Trust: 1.1
url:	http://secunia.com/advisories/29074	Trust: 1.1
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1	Trust: 1.1
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/3724	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/4238	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/4255	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/0064	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/0641	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/38270	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=120352263023774&w=2	Trust: 1.0
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5116	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5116	Trust: 0.7
url:	http://www.securityfocus.com/archive/1/archive/1/486859/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/485936/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/483584/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/483563/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/4255	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/4238	Trust: 0.6
url:	http://www.ipcop.org/	Trust: 0.3
url:	http://www.perl.com	Trust: 0.3
url:	http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=767139#products	Trust: 0.3
url:	http://support.avaya.com/elmodocs2/security/asa-2008-359.htm	Trust: 0.3
url:	https://rhn.redhat.com/errata/rhsa-2007-0966.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2007-1011.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2007-3108	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5135	Trust: 0.3
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.2
url:	http://security.gentoo.org/	Trust: 0.2
url:	https://bugs.gentoo.org.	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4572	Trust: 0.2
url:	http://download3.vmware.com/software/esx/esx-2.5.5-65742-upgrade.tar.gz	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1002975.tgz	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1002969.tgz	Trust: 0.2
url:	http://kb.vmware.com/kb/1002969	Trust: 0.2
url:	http://kb.vmware.com/kb/1002971	Trust: 0.2
url:	http://www.vmware.com/resources/techresources/726	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1002972.tgz	Trust: 0.2
url:	http://kb.vmware.com/kb/1002964	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5398	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1002968.tgz	Trust: 0.2
url:	http://www.vmware.com/security	Trust: 0.2
url:	http://download3.vmware.com/software/esx/esx-2.5.4-65752-upgrade.tar.gz	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5191	Trust: 0.2
url:	http://kb.vmware.com/kb/1002972	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1002976.tgz	Trust: 0.2
url:	http://www.vmware.com/download/vi/vi3_patches.html	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1002970.tgz	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2007-4572	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1002962.tgz	Trust: 0.2
url:	http://kb.vmware.com/kb/1002968	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1002971.tgz	Trust: 0.2
url:	http://www.vmware.com/support/policies/security_response.html	Trust: 0.2
url:	http://kb.vmware.com/kb/1002975	Trust: 0.2
url:	http://www.vmware.com/support/esx25/doc/esx-255-200712-patch.html	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3108	Trust: 0.2
url:	http://kb.vmware.com/kb/1002970	Trust: 0.2
url:	http://www.vmware.com/support/esx25/doc/esx-254-200712-patch.html	Trust: 0.2
url:	http://www.vmware.com/support/policies/eos.html	Trust: 0.2
url:	http://www.vmware.com/download/esx/esx2_patches.html	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5360	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5360	Trust: 0.2
url:	http://kb.vmware.com/kb/1003176	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5398	Trust: 0.2
url:	http://kb.vmware.com/kb/1002962	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1003176.tgz	Trust: 0.2
url:	http://download3.vmware.com/software/vi/esx-1002964.tgz	Trust: 0.2
url:	http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5191	Trust: 0.2
url:	http://www.vmware.com/support/policies/eos_vi.html	Trust: 0.2
url:	http://kb.vmware.com/kb/1002976	Trust: 0.2
url:	http://www.ipcop.org/index.php?name=news&file=article&sid=41	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=120352263023774&w=2	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-6ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-6ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-6ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-10ubuntu1.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-10ubuntu1.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-10ubuntu1.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-10ubuntu1.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-10ubuntu1.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-7ubuntu3.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-7ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-6ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-10ubuntu1.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-6ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-10ubuntu1.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-6ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-10ubuntu1.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-7ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-6ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-6ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-10ubuntu1.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-7ubuntu3.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-6ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-10ubuntu1.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-10ubuntu1.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-10ubuntu1.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-10ubuntu1.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-10ubuntu1.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-6ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-6ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-7ubuntu3.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.7-10ubuntu1.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-10ubuntu1.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-7ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.7-10ubuntu1.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-10ubuntu1.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-6ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-6ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-6ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-6ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-6ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.7-10ubuntu1.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-10ubuntu1.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-10ubuntu1.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-10ubuntu1.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu0.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-6ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-6ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-10ubuntu1.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-6ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-10ubuntu1.1_sparc.deb	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5269	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-2741	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5135	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0160	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2026	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5268	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5266	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-2445	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0338	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5269	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5849	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-1536	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3108	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1969	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1536	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5266	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2741	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-1205	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1664	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0338	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201412-11.xml	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-2026	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2877	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0339	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1969	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2445	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-0720	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4995	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5849	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-4995	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2877	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5268	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0339	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1664	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0160	Trust: 0.1
url:	http://www.mandriva.com/security/	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	http://www.mandriva.com/security/advisories	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1
url:	http://enigmail.mozdev.org	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-200711-28.xml	Trust: 0.1
url:	http://download3.vmware.com/software/vi/esx350-200712405-sg.zip	Trust: 0.1
url:	http://kb.vmware.com/kb/1003208	Trust: 0.1
url:	http://kb.vmware.com/kb/1003205	Trust: 0.1
url:	http://download3.vmware.com/software/vi/esx350-200712402-sg	Trust: 0.1
url:	http://download3.vmware.com/software/vi/esx350-200712404-sg.zip	Trust: 0.1
url:	http://kb.vmware.com/kb/1003206	Trust: 0.1
url:	http://kb.vmware.com/kb/1003204	Trust: 0.1
url:	http://www.vmware.com/download/vi/vi3_patches_35.html	Trust: 0.1
url:	http://download3.vmware.com/software/vi/esx350-200712403-sg.zip	Trust: 0.1
url:	http://www.itrc.hp.com/service/cki/secbullarchive.do	Trust: 0.1
url:	http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc	Trust: 0.1
url:	http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=perl_v51bb27-es-20080207	Trust: 0.1
url:	http://h30046.www3.hp.com/subsignin.php	Trust: 0.1
url:	http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001399-v51bb26-es-20071207	Trust: 0.1

CREDITS

Tavis Ormandy taviso@gentoo.org Will Drewry wad@google.com

Trust: 0.6

sources: CNNVD: CNNVD-200711-104

SOURCES

db:	VULHUB	id:	VHN-28478
db:	BID	id:	26350
db:	PACKETSTORM	id:	61507
db:	PACKETSTORM	id:	129524
db:	PACKETSTORM	id:	62401
db:	PACKETSTORM	id:	60703
db:	PACKETSTORM	id:	61151
db:	PACKETSTORM	id:	62911
db:	PACKETSTORM	id:	63867
db:	CNNVD	id:	CNNVD-200711-104
db:	JVNDB	id:	JVNDB-2007-000796
db:	NVD	id:	CVE-2007-5116

LAST UPDATE DATE

2025-10-20T03:27:44.576000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28478	date:	2018-10-15T00:00:00
db:	BID	id:	26350	date:	2015-03-19T08:05:00
db:	CNNVD	id:	CNNVD-200711-104	date:	2007-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2007-000796	date:	2009-02-20T00:00:00
db:	NVD	id:	CVE-2007-5116	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28478	date:	2007-11-07T00:00:00
db:	BID	id:	26350	date:	2007-11-05T00:00:00
db:	PACKETSTORM	id:	61507	date:	2007-12-06T04:25:51
db:	PACKETSTORM	id:	129524	date:	2014-12-12T17:43:12
db:	PACKETSTORM	id:	62401	date:	2008-01-08T16:57:06
db:	PACKETSTORM	id:	60703	date:	2007-11-06T06:59:51
db:	PACKETSTORM	id:	61151	date:	2007-11-26T22:21:19
db:	PACKETSTORM	id:	62911	date:	2008-01-24T04:04:26
db:	PACKETSTORM	id:	63867	date:	2008-02-21T04:45:39
db:	CNNVD	id:	CNNVD-200711-104	date:	2007-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2007-000796	date:	2007-11-27T00:00:00
db:	NVD	id:	CVE-2007-5116	date:	2007-11-07T23:46:00