Juniper Networks

Signature Detail


Short Name: HTTP:STC:DL:RAW-ZLIB-PERL
Severity: High
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: Compress Raw Zlib for Perl 'inflate()' Off-by-one Overflow
Release Date: 2012/12/02
Update Number: 2207
Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Compress Raw Zlib for Perl 'inflate()' Off-by-one Overflow


This signature detects attempts to exploit a known vulnerability in versions of the Compress::Raw::Zlib Perl module before 2.017. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Extended Description

The 'Compress::Raw::Zlib' Perl module is prone to a remote code-execution vulnerability. Successful exploits may allow remote attackers to execute arbitrary code or cause denial-of-service conditions in applications that use the vulnerable module. Versions prior to 'Compress::Raw::Zlib' 2.017 are affected.

Affected Products

  • Activestate ActivePerl 5.10.1
  • Compress::Raw::Zlib 2.014
  • Compress::Raw::Zlib 2.015
  • Gentoo Linux
  • Mandriva Enterprise Server 5
  • Mandriva Enterprise Server 5 X86 64
  • Mandriva Linux Mandrake 2008.0
  • Mandriva Linux Mandrake 2008.0 X86 64
  • Mandriva Linux Mandrake 2008.1
  • Mandriva Linux Mandrake 2008.1 X86 64
  • Mandriva Linux Mandrake 2009.0
  • Mandriva Linux Mandrake 2009.0 X86 64
  • Mandriva Linux Mandrake 2009.1
  • Mandriva Linux Mandrake 2009.1 X86 64
  • Pardus Linux 2008
  • Red Hat Fedora 10
  • Red Hat Fedora 11
  • SuSE openSUSE 10.3
  • SuSE openSUSE 11.0
  • SuSE openSUSE 11.1
  • SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO
  • SuSE SUSE Linux Enterprise 10 SP2 DEBUGINFO
  • SuSE SUSE Linux Enterprise Desktop 10
  • SuSE SUSE Linux Enterprise Desktop 10 SP1
  • SuSE SUSE Linux Enterprise Desktop 10 SP2
  • SuSE SUSE Linux Enterprise Server 10
  • SuSE SUSE Linux Enterprise Server 10 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP2
  • SuSE SUSE Linux Enterprise Server 11
  • SuSE SUSE Linux Enterprise Server 9
  • SuSE SUSE Linux Enterprise Server 9 SP3
  • SuSE SUSE Linux Enterprise Server RT Solution 10
  • Ubuntu Ubuntu Linux 8.04 LTS Amd64
  • Ubuntu Ubuntu Linux 8.04 LTS I386
  • Ubuntu Ubuntu Linux 8.04 LTS Lpia
  • Ubuntu Ubuntu Linux 8.04 LTS Powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS Sparc
  • Ubuntu Ubuntu Linux 8.10 Amd64
  • Ubuntu Ubuntu Linux 8.10 I386
  • Ubuntu Ubuntu Linux 8.10 Lpia
  • Ubuntu Ubuntu Linux 8.10 Powerpc
  • Ubuntu Ubuntu Linux 8.10 Sparc
  • Ubuntu Ubuntu Linux 9.04 Amd64
  • Ubuntu Ubuntu Linux 9.04 I386
  • Ubuntu Ubuntu Linux 9.04 Lpia
  • Ubuntu Ubuntu Linux 9.04 Powerpc
  • Ubuntu Ubuntu Linux 9.04 Sparc

References

  • BugTraq: 35307
  • CVE: CVE-2009-1391

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.