CVE-2012-6329
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 62%
from disclosure to weapon0 days
Published on NVDJan 4
1st PoCDec 23
metasploitDec 3
exploitation probability
62%top 1% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/23580unverifiedexploitdbwww.exploit-db.com/exploits/23579unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224http://code.activestate.com/lists/perl5-porters/187746/http://code.activestate.com/lists/perl5-porters/187763/http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735http://openwall.com/lists/oss-security/2012/12/11/4http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.podhttp://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8http://rhn.redhat.com/errata/RHSA-2013-0685.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=884354http://sourceforge.net/mailarchive/message.php?msg_id=30219695https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032