Convert-UUlib Perl Module Buffer Overflow Vulnerability
BID:13401
Info
| Bugtraq ID: | 13401 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-1349 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 26 2005 12:00AM |
| Updated: | Mar 19 2015 09:29AM |
| Credit: | This issue was announced in a vendor advisory. |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 7 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SuSE eMail Server III S.u.S.E. SuSE eMail Server 3.1 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Professional 7.3 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Openexchange Server S.u.S.E. Linux Office Server S.u.S.E. Linux IMAP Server 1.0 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux Database Server 0 S.u.S.E. Linux Connectivity Server S.u.S.E. Linux 8.1 S.u.S.E. Linux 8.0 i386 S.u.S.E. Linux 8.0 S.u.S.E. Linux 7.3 sparc S.u.S.E. Linux 7.3 ppc S.u.S.E. Linux 7.3 i386 S.u.S.E. Linux 7.3 S.u.S.E. Linux 7.2 i386 S.u.S.E. Linux 7.2 S.u.S.E. Linux 7.1 x86 S.u.S.E. Linux 7.1 sparc S.u.S.E. Linux 7.1 ppc S.u.S.E. Linux 7.1 alpha S.u.S.E. Linux 7.1 S.u.S.E. Linux 7.0 sparc S.u.S.E. Linux 7.0 ppc S.u.S.E. Linux 7.0 i386 S.u.S.E. Linux 7.0 alpha S.u.S.E. Linux 7.0 S.u.S.E. Linux 6.4 ppc S.u.S.E. Linux 6.4 i386 S.u.S.E. Linux 6.4 alpha S.u.S.E. Linux 6.4 S.u.S.E. Linux 6.3 ppc S.u.S.E. Linux 6.3 alpha S.u.S.E. Linux 6.3 S.u.S.E. Linux 6.2 S.u.S.E. Linux 6.1 alpha S.u.S.E. Linux 6.1 S.u.S.E. Linux 6.0 S.u.S.E. Linux 5.3 S.u.S.E. Linux 5.2 S.u.S.E. Linux 5.1 S.u.S.E. Linux 5.0 S.u.S.E. Linux 4.4.1 S.u.S.E. Linux 4.4 S.u.S.E. Linux 4.3 S.u.S.E. Linux 4.2 S.u.S.E. Linux 4.0 S.u.S.E. Linux 3.0 S.u.S.E. Linux 2.0 S.u.S.E. 
Linux 1.0 Marc Lehmann Convert-UUlib 1.50 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MailEnable MailEnable Professional 1.116 MailEnable MailEnable Professional 1.115 MailEnable MailEnable Professional 1.114 MailEnable MailEnable Professional 1.113 MailEnable MailEnable Professional 1.112 MailEnable MailEnable Professional 1.111 MailEnable MailEnable Professional 1.110 MailEnable MailEnable Professional 1.109 MailEnable MailEnable Professional 1.108 MailEnable MailEnable Professional 1.107 MailEnable MailEnable Professional 1.106 MailEnable MailEnable Professional 1.105 MailEnable MailEnable Professional 1.104 MailEnable MailEnable Professional 1.103 MailEnable MailEnable Professional 1.102 MailEnable MailEnable Professional 1.101 MailEnable MailEnable Professional 1.54 MailEnable MailEnable Professional 1.53 MailEnable MailEnable Professional 1.52 MailEnable MailEnable Professional 1.51 MailEnable MailEnable Professional 1.19 MailEnable MailEnable Professional 1.18 MailEnable MailEnable Professional 1.17 MailEnable MailEnable Professional 1.16 MailEnable MailEnable Professional 1.15 MailEnable MailEnable Professional 1.14 MailEnable MailEnable Professional 1.13 MailEnable MailEnable Professional 1.12 MailEnable MailEnable Professional 1.5 MailEnable MailEnable Professional 1.2 a MailEnable MailEnable Professional 1.2 MailEnable MailEnable Professional 1.1 MailEnable MailEnable Professional 1.0 017 MailEnable MailEnable Professional 1.0 016 MailEnable MailEnable Professional 1.0 015 MailEnable MailEnable Professional 1.0 014 MailEnable MailEnable Professional 1.0 013 MailEnable MailEnable Professional 1.0 012 MailEnable MailEnable Professional 1.0 011 MailEnable MailEnable Professional 1.0 010 MailEnable MailEnable Professional 1.0 009 MailEnable MailEnable Professional 1.0 008 MailEnable MailEnable Professional 1.0 007 MailEnable MailEnable Professional 1.0 006 
MailEnable MailEnable Professional 1.0 005 MailEnable MailEnable Professional 1.0 004 MailEnable MailEnable Enterprise Edition 1.0 4 MailEnable MailEnable Enterprise Edition 1.0 3 MailEnable MailEnable Enterprise Edition 1.0 2 MailEnable MailEnable Enterprise Edition 1.0 1 MailEnable MailEnable Enterprise Edition 1.0 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Convert-UUlib Convert-UUlib 1.05 Convert-UUlib Convert-UUlib 1.04 Conectiva Linux 10.0 Barracuda Networks Barracuda Spam Firewall 3.1.18 firmware Barracuda Networks Barracuda Spam Firewall 3.1.17 firmware Barracuda Networks Barracuda Spam Firewall 3.3.03.055 Barracuda Networks Barracuda Spam Firewall 3.3.03.053 Barracuda Networks Barracuda Spam Firewall 3.3.03.022 firmware Barracuda Networks Barracuda Spam Firewall 3.3.01.001 Barracuda Networks Barracuda Spam Firewall 3.3.0.54 |
| Not Vulnerable: |
Marc Lehmann Convert-UUlib 1.51 Barracuda Networks Barracuda Spam Firewall 3.3.15 026 |
Discussion
Convert-UUlib Perl module is prone to a remotely exploitable buffer-overflow vulnerability.
A remote attacker may leverage this condition to overwrite sensitive program control variables and thus gain control of the process's execution flow.
This BID will be updated as soon as further information regarding this issue is made available.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
NOTE: A fix for this issue is reportedly available, but Symantec was unable to confirm this. Contact the software vendor to determine the availability of fixed packages.
Please see the referenced advisories for more information.
Convert-UUlib Convert-UUlib 1.05
- Mandriva perl-Convert-UUlib-1.051-0.1.C30mdk.i586.rpm
  Corporate 3.0:
  http://wwwnew.mandriva.com/en/downloads/
- Mandriva perl-Convert-UUlib-1.051-0.1.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://wwwnew.mandriva.com/en/downloads/
Convert-UUlib Convert-UUlib 1.04
- Mandriva perl-Convert-UUlib-1.051-0.1.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/
- Mandriva perl-Convert-UUlib-1.051-0.1.102mdk.x86_64.rpm
  Mandriva Linux 10.2/X86_64:
  http://wwwnew.mandriva.com/en/downloads/
Conectiva Linux 10.0
- Conectiva nss_ldap-240-53589U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/nss_ldap-240-53589U10_1cl.i386.rpm
- Conectiva nss_ldap-240-53589U10_1cl.i386.rpm
  Conectiva 10:
  nss_ldap-240-53589U10_1cl.i386.rpm
- Conectiva pam_ldap-180-47667U10_1cl.i386.rpm
  Conectiva 10:
  ftp://atualizacoes.conectiva.com.br/10/RPMS/pam_ldap-180-47667U10_1cl.i386.rpm
Debian Linux 3.0 s/390
- Debian libconvert-uulib-perl_0.201-2woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl_0.201-2woody1_s390.deb
Debian Linux 3.0 alpha
- Debian libconvert-uulib-perl_0.201-2woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_alpha.deb
Debian Linux 3.0 mips
- Debian libconvert-uulib-perl_0.201-2woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl_0.201-2woody1_mips.deb
Debian Linux 3.0 mipsel
- Debian libconvert-uulib-perl_0.201-2woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl_0.201-2woody1_mipsel.deb
Debian Linux 3.0 hppa
- Debian libconvert-uulib-perl_0.201-2woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl_0.201-2woody1_hppa.deb
Debian Linux 3.0 arm
- Debian libconvert-uulib-perl_0.201-2woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl_0.201-2woody1_arm.deb
Debian Linux 3.0 m68k
- Debian libconvert-uulib-perl_0.201-2woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl_0.201-2woody1_m68k.deb
References
References:
- Barracuda Networks Spam Firewall Home Page (Barracuda Networks)
- MailEnable Homepage (MailEnable)
- MailEnable Hotfix Page (MailEnable)
- Barracuda Spam Firewall convert-UUlib library buffer overflow vulnerabilities ([email protected])
- MailEnable HTTPS Buffer Overflow [x0n3-h4ck] ("CorryL")