Executive Summary
Summary | |
---|---|
Title | New perl packages fix information leak in suidperl |
Information | |||
---|---|---|---|
Name | DSA-431 | First vendor Publication | 2004-04-16 |
Vendor | Debian | Last vendor Modification | 2004-04-16 |
Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Paul Szabo discovered a number of similar bugs in suidperl, a helper program to run perl scripts with setuid privileges. By exploiting these bugs, an attacker could abuse suidperl to discover information about files (such as testing for their existence and some of their permissions) that should not be accessible to unprivileged users.

DSA 431-1 incorporated a partial fix for this problem. This advisory includes a more complete fix which corrects some additional cases.

For the current stable distribution (woody) this problem has been fixed in version 5.6.1-8.7.

For the unstable distribution, this problem has been fixed in version 5.8.3-3.

We recommend that you update your perl package if you have the "perl-suid" package installed.
Original Source
Url : http://www.debian.org/security/2004/dsa-431
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Os | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 431-1 (perl) File : nvt/deb_431_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 431-2 (perl) File : nvt/deb_431_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
6103 | Perl suidperl File Information Leak: suidperl contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a local user requests a file that does not exist, which will display an error message containing full path information resulting in a loss of confidentiality. If the file does exist, the error message reveals if the file is setuid or setgid. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-431.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:33:03 | |