ByteOS Network

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html	secalert@redhat.com	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html	secalert@redhat.com	N/A
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html	secalert@redhat.com	N/A
http://openwall.com/lists/oss-security/2011/04/01/3	secalert@redhat.com	Exploit Patch
http://openwall.com/lists/oss-security/2011/04/04/35	secalert@redhat.com	Exploit Patch
http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99	secalert@redhat.com	Patch
http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336	secalert@redhat.com	Exploit
http://secunia.com/advisories/43921	secalert@redhat.com	Vendor Advisory
http://secunia.com/advisories/44168	secalert@redhat.com	N/A
http://www.debian.org/security/2011/dsa-2265	secalert@redhat.com	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091	secalert@redhat.com	N/A
http://www.securityfocus.com/bid/47124	secalert@redhat.com	Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=692844	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=692898	secalert@redhat.com	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66528	secalert@redhat.com	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://openwall.com/lists/oss-security/2011/04/01/3	af854a3a-2127-422b-91ae-364da2661108	Exploit Patch
http://openwall.com/lists/oss-security/2011/04/04/35	af854a3a-2127-422b-91ae-364da2661108	Exploit Patch
http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99	af854a3a-2127-422b-91ae-364da2661108	Patch
http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://secunia.com/advisories/43921	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/44168	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2011/dsa-2265	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/47124	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=692844	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=692898	af854a3a-2127-422b-91ae-364da2661108	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66528	af854a3a-2127-422b-91ae-364da2661108	N/A