PROBLEM:
Perl Locale::Maketext Module Two Code Injection Vulnerabilities
PLATFORM:
Locale::Maketext 1.23 is affected; other versions also may be affected.
ABSTRACT:
Two vulnerabilities have been reported in the Locale::Maketext module for Perl.
REFERENCE LINKS:
Secunia Advisory SA51498
Debian Bug report logs - #695224
Bugtraq ID: 56852
IMPACT ASSESSMENT:
Medium
DISCUSSION:
Two vulnerabilities have been reported in the Locale::Maketext module for Perl, which can be exploited by malicious users to compromise an application using the module.
The vulnerabilities are caused by the "_compile()" function not properly sanitising input, which can be exploited to inject and execute arbitrary Perl code.
IMPACT:
Remote attackers can exploit these issues to inject and run arbitrary Perl code in the context of the affected application.
SOLUTION:
Fixed in the GIT repository.
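Until a fixed module is deployed, it helps to find the call sites where application data can reach "_compile()" as a template. The script below is an added example, not part of the advisory or of Locale::Maketext: a line-based heuristic that assumes the first argument of maketext() is the template and that a lexicon with _AUTO set compiles unknown keys; the names audit, classify_template and SAMPLE are hypothetical.

```python
import re

# First argument of ->maketext(...): a quoted literal, or any other expression.
CALL = re.compile(
    r"""->\s*maketext\s*\(\s*(?P<arg>'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|[^,)]+)"""
)
INTERPOLATION = re.compile(r"(?<!\\)[$@]")  # unescaped sigil inside a "..." string
AUTO_LEXICON = re.compile(r"""['"]?_AUTO['"]?\s*(?:=>|,)\s*1\b""")


def classify_template(arg, rest):
    """Return None when the template is a constant, else why it needs review."""
    if arg[:1] in ("'", '"'):
        if not rest.startswith((",", ")")):
            return "literal combined with an expression"
        if arg[0] == '"' and INTERPOLATION.search(arg):
            return "interpolated string"
        return None
    return "non-literal template"


def audit(perl_source):
    """Return (line_number, reason) pairs for maketext() usage worth reviewing."""
    findings = []
    for number, line in enumerate(perl_source.splitlines(), 1):
        if line.lstrip().startswith("#"):  # skip whole-line Perl comments
            continue
        if AUTO_LEXICON.search(line):
            findings.append((number, "_AUTO lexicon: unknown keys are compiled"))
        for match in CALL.finditer(line):
            reason = classify_template(match.group("arg").strip(),
                                       line[match.end():].lstrip())
            if reason:
                findings.append((number, reason))
    return findings


# Constructed sample of application code, not taken from any real project.
SAMPLE = r'''
our %Lexicon = ( _AUTO => 1 );
print $lh->maketext('Hello, [_1]', $name);
print $lh->maketext($cgi->param('msg'));
print $lh->maketext("Welcome back $name");
print $lh->maketext('Saved ' . $file);
# print $lh->maketext($old);
'''

if __name__ == "__main__":
    for number, reason in audit(SAMPLE):
        print(f"line {number}: {reason}")
```

A flagged line is a lead for manual review, not proof of exposure; the usual fix is a constant template with the variable data passed as a separate maketext() argument.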