Executive Summary
Summary | |
---|---|
Title | perl security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0458 | First vendor Publication | 2010-06-07 |
Vendor | RedHat | Last vendor Modification | 2010-06-07 |
Severity (Vendor) | Moderate | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments. The File::Path module allows users to create and remove directory trees. The Safe module did not properly restrict the code of implicitly called methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe when such objects were accessed or destroyed. A specially-crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions. (CVE-2010-1168) The Safe module did not properly restrict code compiled in a Safe compartment and executed out of the compartment via a subroutine reference returned as a result of unsafe code evaluation. A specially-crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions, if the returned subroutine reference was called from outside of the compartment. (CVE-2010-1447) Multiple race conditions were found in the way the File::Path module's rmtree function removed directory trees. A malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permissions of arbitrary files to be changed to world-writable and setuid, or delete arbitrary files via a symbolic link attack, if the victim had the privileges to change the permissions of the target files or to remove them. (CVE-2008-5302, CVE-2008-5303) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton as the original reporter of CVE-2010-1168, and Tim Bunce and Rafaël Garcia-Suarez as the original reporters of CVE-2010-1447. These packages upgrade the Safe extension module to version 2.27. Refer to the Safe module's Changes file, linked to in the References, for a full list of changes. Users of perl are advised to upgrade to these updated packages, which correct these issues. All applications using the Safe or File::Path modules must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 473450 - CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1 474217 - CVE-2008-5303 symlink perl: File::Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1 576508 - CVE-2010-1168 perl Safe: Intended restriction bypass via object references 588269 - CVE-2010-1447 perl: Safe restriction bypass when reference to subroutine in compartment is called from outside |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0458.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-362 | Race Condition |
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10475 | |||
Oval ID: | oval:org.mitre.oval:def:10475 | ||
Title: | Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | ||
Description: | Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0448 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11076 | |||
Oval ID: | oval:org.mitre.oval:def:11076 | ||
Title: | Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. | ||
Description: | Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5302 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11530 | |||
Oval ID: | oval:org.mitre.oval:def:11530 | ||
Title: | The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | ||
Description: | The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1447 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13030 | |||
Oval ID: | oval:org.mitre.oval:def:13030 | ||
Title: | DSA-2267-1 perl -- restriction bypass | ||
Description: | It was discovered that Perl's Safe module - a module to compile and execute code in restricted compartments - could by bypassed. Please note that this update is known to break Petal, an XML-based templating engine. A fix is not yet available. If you use Petal, you might consider to put the previous Perl packages on hold. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2267-1 CVE-2010-1447 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | perl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13257 | |||
Oval ID: | oval:org.mitre.oval:def:13257 | ||
Title: | USN-700-2 -- perl regression | ||
Description: | USN-700-1 fixed vulnerabilities in Perl. Due to problems with the Ubuntu 8.04 build, some Perl .ph files were missing from the resulting update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module�s rmtree function. If a local attacker successfully raced another user�s call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module�s rmtree function. If a local attacker successfully raced another user�s call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue | ||
Family: | unix | Class: | patch |
Reference(s): | USN-700-2 CVE-2007-4829 CVE-2008-1927 CVE-2008-5302 CVE-2008-5303 | Version: | 5 |
Platform(s): | Ubuntu 8.04 | Product(s): | perl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18549 | |||
Oval ID: | oval:org.mitre.oval:def:18549 | ||
Title: | DSA-1678-1 perl - privilege escalation | ||
Description: | Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as <a href="http://security-tracker.debian.org/tracker/CVE-2005-0448">CVE-2005-0448</a> and <a href="http://security-tracker.debian.org/tracker/CVE-2004-0452">CVE-2004-0452</a>, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1678-1 CVE-2008-5302 CVE-2008-5303 CVE-2005-0448 CVE-2004-0452 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | perl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21014 | |||
Oval ID: | oval:org.mitre.oval:def:21014 | ||
Title: | USN-700-1 -- libarchive-tar-perl, perl vulnerabilities | ||
Description: | Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-700-1 CVE-2007-4829 CVE-2008-1927 CVE-2008-5302 CVE-2008-5303 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | libarchive-tar-perl perl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22359 | |||
Oval ID: | oval:org.mitre.oval:def:22359 | ||
Title: | RHSA-2010:0458: perl security update (Moderate) | ||
Description: | The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0458-02 CESA-2010:0458 CVE-2008-5302 CVE-2008-5303 CVE-2010-1168 CVE-2010-1447 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | perl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22753 | |||
Oval ID: | oval:org.mitre.oval:def:22753 | ||
Title: | ELSA-2010:0458: perl security update (Moderate) | ||
Description: | The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0458-02 CVE-2008-5302 CVE-2008-5303 CVE-2010-1168 CVE-2010-1447 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | perl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28121 | |||
Oval ID: | oval:org.mitre.oval:def:28121 | ||
Title: | DEPRECATED: ELSA-2010-0458 -- perl security update (moderate) | ||
Description: | [4:5.8.8-32.el5.1] - third version of patch fix change of behaviour of rmtree for common user - Resolves: rhbz#597203 [4:5.8.8-32.el5] - rhbz#595416 change documentation of File::Path - Related: rhbz#591167 [4:5.8.8-31.el5] - remove previous fix - Related: rhbz#591167 [4:5.8.8-30.el5] - change config to file on Util.so - Related: rhbz#594406 [4:5.8.8-29.el5] - CVE-2008-5302 - use latest patch without Cwd module - 507378 because of our paths we need to overload old Util.so in case customer installed Scalar::Util from cpan. In this case we marked new Util.so as .rpmnew. - Related: rhbz#591167 - Resolves: rhbz#594406 [4:5.8.8-28.el5] - CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1 - CVE-2010-1168 perl Safe: Intended restriction bypass via object references - CVE-2010-1447 Safe 2.26 and earlier: Intended restriction bypass via Perl object references in code executed outside safe compartment - Related: rhbz#591167 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0458 CVE-2010-1168 CVE-2010-1447 CVE-2008-5302 CVE-2008-5303 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | perl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6680 | |||
Oval ID: | oval:org.mitre.oval:def:6680 | ||
Title: | VMware ESX,Service Console update for perl. | ||
Description: | Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5303 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6890 | |||
Oval ID: | oval:org.mitre.oval:def:6890 | ||
Title: | VMware ESX,Service Console update for perl. | ||
Description: | Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5302 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:728 | |||
Oval ID: | oval:org.mitre.oval:def:728 | ||
Title: | HP-UX 11 Perl rmtree Race Condition | ||
Description: | Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0448 | Version: | 7 |
Platform(s): | HP-UX 11 | Product(s): | Perl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7320 | |||
Oval ID: | oval:org.mitre.oval:def:7320 | ||
Title: | VMware ESX,Service Console update for perl. | ||
Description: | The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1447 | Version: | 5 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7424 | |||
Oval ID: | oval:org.mitre.oval:def:7424 | ||
Title: | VMware ESX,Service Console update for perl. | ||
Description: | The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1168 | Version: | 5 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7799 | |||
Oval ID: | oval:org.mitre.oval:def:7799 | ||
Title: | DSA-1678 perl -- design flaws | ||
Description: | Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1678 CVE-2008-5302 CVE-2008-5303 CVE-2005-0448 CVE-2004-0452 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | perl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9699 | |||
Oval ID: | oval:org.mitre.oval:def:9699 | ||
Title: | Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. | ||
Description: | Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5303 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9807 | |||
Oval ID: | oval:org.mitre.oval:def:9807 | ||
Title: | The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." | ||
Description: | The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1168 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9938 | |||
Oval ID: | oval:org.mitre.oval:def:9938 | ||
Title: | Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | ||
Description: | Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0452 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base) File : nvt/glsa_201110_22.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-09 (Safe) File : nvt/glsa_201111_09.nasl |
2011-08-09 | Name : CentOS Update for perl CESA-2010:0458 centos5 i386 File : nvt/gb_CESA-2010_0458_perl_centos5_i386.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2267-1 (perl) File : nvt/deb_2267_1.nasl |
2011-05-10 | Name : Ubuntu Update for perl USN-1129-1 File : nvt/gb_ubuntu_USN_1129_1.nasl |
2011-04-29 | Name : Fedora Update for perl FEDORA-2011-4918 File : nvt/gb_fedora_2011_4918_perl_fc13.nasl |
2010-08-16 | Name : Fedora Update for perl FEDORA-2010-11340 File : nvt/gb_fedora_2010_11340_perl_fc12.nasl |
2010-08-06 | Name : Fedora Update for perl FEDORA-2010-11323 File : nvt/gb_fedora_2010_11323_perl_fc13.nasl |
2010-06-15 | Name : Mandriva Update for perl MDVSA-2010:115 (perl) File : nvt/gb_mandriva_MDVSA_2010_115.nasl |
2010-06-15 | Name : Mandriva Update for perl MDVSA-2010:116 (perl) File : nvt/gb_mandriva_MDVSA_2010_116.nasl |
2010-06-14 | Name : Perl Safe Module 'reval()' and 'rdo()' Restriction-Bypass Vulnerabilities File : nvt/gb_perl_safe_40302.nasl |
2010-06-14 | Name : Perl Safe Module 'reval()' and 'rdo()' Restriction-Bypass Vulnerabilities File : nvt/gb_perl_safe_40305.nasl |
2010-06-11 | Name : RedHat Update for perl RHSA-2010:0457-01 File : nvt/gb_RHSA-2010_0457-01_perl.nasl |
2010-06-11 | Name : RedHat Update for perl RHSA-2010:0458-02 File : nvt/gb_RHSA-2010_0458-02_perl.nasl |
2010-05-19 | Name : PostgreSQL Multiple Security Vulnerabilities File : nvt/gb_postgresql_40215.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-04-16 | Name : Mandriva Update for tkcvs MDVA-2010:115 (tkcvs) File : nvt/gb_mandriva_MDVA_2010_115.nasl |
2010-04-16 | Name : Mandriva Update for timezone MDVA-2010:116 (timezone) File : nvt/gb_mandriva_MDVA_2010_116.nasl |
2009-10-10 | Name : SLES9: Security update for Perl File : nvt/sles9p5013510.nasl |
2009-06-05 | Name : Ubuntu USN-698-1 (nagios) File : nvt/ubuntu_698_1.nasl |
2009-02-18 | Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl |
2009-02-13 | Name : FreeBSD Ports: perl File : nvt/freebsd_perl3.nasl |
2009-01-20 | Name : Ubuntu USN-700-2 (perl) File : nvt/ubuntu_700_2.nasl |
2009-01-07 | Name : FreeBSD Ports: p5-File-Path File : nvt/freebsd_p5-File-Path.nasl |
2008-12-29 | Name : Debian Security Advisory DSA 1678-2 (perl) File : nvt/deb_1678_2.nasl |
2008-12-29 | Name : Ubuntu USN-700-1 (perl) File : nvt/ubuntu_700_1.nasl |
2008-12-10 | Name : Debian Security Advisory DSA 1678-1 (perl) File : nvt/deb_1678_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-38 (Perl) File : nvt/glsa_200501_38.nasl |
2008-09-04 | Name : FreeBSD Ports: perl File : nvt/freebsd_perl0.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 696-1 (perl) File : nvt/deb_696_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 620-1 (perl) File : nvt/deb_620_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65683 | Safe Module for Perl Automagic Methods Safe::reval / Safe::rdo Access Restric... |
64756 | PostgreSQL Safe Module PL / perl Procedure Restriction Weakness Arbitrary Per... |
50446 | Perl File::Path (lib/File/Path.pm) rmtree Function Symlink Arbitrary File Del... |
14619 | Perl File::Path::rmtree Function Race Condition Privilege Escalation The Perl File::Path:rmtree function contains a flaw that may allow a malicious local user to change permissions of arbitrary files on system. The issue is due to the way the File::Path::rmtree function handles directory permissions when cleaning up directories. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
12588 | Perl File::Path::rmtree Symlink Arbitrary File/Directory Manipulation File::Path::rmtree contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user creates symbolic links to arbitrary files and File::Path::rmtree attempts to delete the arbitrary file. This flaw may lead to a loss of integrity, possibly allowing the attacker change permissions and/or delete the file. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0013_remote.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_perl-58_20131015.nasl - Type : ACT_GATHER_INFO |
2013-11-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-17.nasl - Type : ACT_GATHER_INFO |
2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0457.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0458.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-674.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100607_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100607_perl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-11-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-09.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO |
2011-07-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2267.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1129-1.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_perl-100730.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_perl-7108.nasl - Type : ACT_GATHER_INFO |
2010-09-02 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0013.nasl - Type : ACT_GATHER_INFO |
2010-08-25 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12628.nasl - Type : ACT_GATHER_INFO |
2010-08-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_perl-100730.nasl - Type : ACT_GATHER_INFO |
2010-08-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_perl-100730.nasl - Type : ACT_GATHER_INFO |
2010-08-14 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11340.nasl - Type : ACT_GATHER_INFO |
2010-08-03 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11323.nasl - Type : ACT_GATHER_INFO |
2010-06-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-115.nasl - Type : ACT_GATHER_INFO |
2010-06-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-116.nasl - Type : ACT_GATHER_INFO |
2010-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0458.nasl - Type : ACT_GATHER_INFO |
2010-06-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0458.nasl - Type : ACT_GATHER_INFO |
2010-06-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0457.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2010-05-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2051.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-942-1.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0428.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0429.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_perl-090128.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_perl-090128.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-700-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-700-2.nasl - Type : ACT_GATHER_INFO |
2009-02-04 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4a99d61cf23a11dd9f550030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-01-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_13b0c8c8bee011dda708001fc66e7203.nasl - Type : ACT_GATHER_INFO |
2008-12-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1678.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-881.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-44-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-94-1.nasl - Type : ACT_GATHER_INFO |
2005-12-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-881.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-674.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c418d4726bd111d993ca000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
2005-05-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-079.nasl - Type : ACT_GATHER_INFO |
2005-03-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-696.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-103.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200501-38.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-105.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-031.nasl - Type : ACT_GATHER_INFO |
2005-01-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-620.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:33 |
|
2013-05-11 00:51:34 |
|