CVE-2012-6329 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-6329 Interim 1 18 2023-12-09T01:41:54Z current 2021-05-30T13:07:48Z 2023-12-09T01:41:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-6329 The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SAANU7FO2BZM6GDOLJPXLNFDCPPAIXCA/#SAANU7FO2BZM6GDOLJPXLNFDCPPAIXCA E-Mail link for openSUSE-SU-2013:0497-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7SNQLVN2T3VLRHXUIPVDYEGSY2IBK3OA/#7SNQLVN2T3VLRHXUIPVDYEGSY2IBK3OA E-Mail link for openSUSE-SU-2013:0502-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Point of Service 11 SP3 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Software Development Kit 11 SP4 perl perl-32bit-5.10.0-64.67.52 perl-32bit-5.10.0-64.72.1 perl-5.10.0-64.67.52 perl-5.10.0-64.72.1 perl-Module-Build-0.2808.01-0.67.52 perl-Module-Build-0.2808.01-0.72.1 perl-Test-Simple-0.72-0.67.52 perl-Test-Simple-0.72-0.72.1 perl-base-32bit-5.10.0-64.72.1 perl-base-5.10.0-64.67.52 perl-base-5.10.0-64.72.1 perl-doc-5.10.0-64.67.52 perl-doc-5.10.0-64.72.1 perl-x86-5.10.0-64.67.52 perl-x86-5.10.0-64.72.1 perl-5.10.0-64.67.52 as a component of SUSE Linux Enterprise Server 11 SP3 perl-32bit-5.10.0-64.67.52 as a component of SUSE Linux Enterprise Server 11 SP3 perl-Module-Build-0.2808.01-0.67.52 as a component of SUSE Linux Enterprise Server 11 SP3 perl-Test-Simple-0.72-0.67.52 as a component of SUSE Linux Enterprise Server 11 SP3 perl-base-5.10.0-64.67.52 as a component of SUSE Linux Enterprise Server 11 SP3 perl-doc-5.10.0-64.67.52 as a component of SUSE Linux Enterprise Server 11 SP3 perl-x86-5.10.0-64.67.52 as a component of SUSE Linux Enterprise Server 11 SP3 perl-5.10.0-64.72.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-32bit-5.10.0-64.72.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Module-Build-0.2808.01-0.72.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-Test-Simple-0.72-0.72.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-base-5.10.0-64.72.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-doc-5.10.0-64.72.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-x86-5.10.0-64.72.1 as a component of SUSE Linux Enterprise Server 11 SP4 perl-base-32bit-5.10.0-64.72.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 perl as a component of SUSE Linux Enterprise Point of Service 11 SP3 perl as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata perl as a component of SUSE Linux Enterprise Server 11 SP4 LTSS The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. CVE-2012-6329 SUSE Linux Enterprise Server 11 SP3:perl-5.10.0-64.67.52 SUSE Linux Enterprise Server 11 SP3:perl-32bit-5.10.0-64.67.52 SUSE Linux Enterprise Server 11 SP3:perl-Module-Build-0.2808.01-0.67.52 SUSE Linux Enterprise Server 11 SP3:perl-Test-Simple-0.72-0.67.52 SUSE Linux Enterprise Server 11 SP3:perl-base-5.10.0-64.67.52 SUSE Linux Enterprise Server 11 SP3:perl-doc-5.10.0-64.67.52 SUSE Linux Enterprise Server 11 SP3:perl-x86-5.10.0-64.67.52 SUSE Linux Enterprise Server 11 SP4:perl-5.10.0-64.72.1 SUSE Linux Enterprise Server 11 SP4:perl-32bit-5.10.0-64.72.1 SUSE Linux Enterprise Server 11 SP4:perl-Module-Build-0.2808.01-0.72.1 SUSE Linux Enterprise Server 11 SP4:perl-Test-Simple-0.72-0.72.1 SUSE Linux Enterprise Server 11 SP4:perl-base-5.10.0-64.72.1 SUSE Linux Enterprise Server 11 SP4:perl-doc-5.10.0-64.72.1 SUSE Linux Enterprise Server 11 SP4:perl-x86-5.10.0-64.72.1 SUSE Linux Enterprise Software Development Kit 11 SP4:perl-base-32bit-5.10.0-64.72.1 SUSE Linux Enterprise Point of Service 11 SP3:perl SUSE Linux Enterprise Server 11 SP3 for Teradata:perl SUSE Linux Enterprise Server 11 SP4 LTSS:perl important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P