Executive Summary
Summary | |
---|---|
Title | Updated Perl packages fix security issues |
Informations | |||
---|---|---|---|
Name | RHSA-2005:105 | First vendor Publication | 2005-02-07 |
Vendor | RedHat | Last vendor Modification | 2005-02-07 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 3. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Perl is a high-level programming language commonly used for system administration utilities and Web programming. Kevin Finisterre discovered a stack based buffer overflow flaw in sperl, the Perl setuid wrapper. A local user could create a sperl executable script with a carefully created path name, overflowing the buffer and leading to root privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0156 to this issue. Kevin Finisterre discovered a flaw in sperl which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0155 to this issue. Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 146737 - CAN-2005-0155 multiple setuid perl issues (CAN-2005-0156) 140227 - Potential insecurity in CGI.pm |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-105.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10404 | |||
Oval ID: | oval:org.mitre.oval:def:10404 | ||
Title: | Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | ||
Description: | The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0155 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10803 | |||
Oval ID: | oval:org.mitre.oval:def:10803 | ||
Title: | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. | ||
Description: | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0156 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18549 | |||
Oval ID: | oval:org.mitre.oval:def:18549 | ||
Title: | DSA-1678-1 perl - privilege escalation | ||
Description: | Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as <a href="http://security-tracker.debian.org/tracker/CVE-2005-0448">CVE-2005-0448</a> and <a href="http://security-tracker.debian.org/tracker/CVE-2004-0452">CVE-2004-0452</a>, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1678-1 CVE-2008-5302 CVE-2008-5303 CVE-2005-0448 CVE-2004-0452 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | perl |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7799 | |||
Oval ID: | oval:org.mitre.oval:def:7799 | ||
Title: | DSA-1678 perl -- design flaws | ||
Description: | Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1678 CVE-2008-5302 CVE-2008-5303 CVE-2005-0448 CVE-2004-0452 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | perl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9938 | |||
Oval ID: | oval:org.mitre.oval:def:9938 | ||
Title: | Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | ||
Description: | Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0452 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for perl CESA-2010:0458 centos5 i386 File : nvt/gb_CESA-2010_0458_perl_centos5_i386.nasl |
2010-06-11 | Name : RedHat Update for perl RHSA-2010:0458-02 File : nvt/gb_RHSA-2010_0458-02_perl.nasl |
2009-10-10 | Name : SLES9: Security update for Perl File : nvt/sles9p5013510.nasl |
2009-02-13 | Name : FreeBSD Ports: perl File : nvt/freebsd_perl3.nasl |
2009-01-07 | Name : FreeBSD Ports: p5-File-Path File : nvt/freebsd_p5-File-Path.nasl |
2008-12-10 | Name : Debian Security Advisory DSA 1678-1 (perl) File : nvt/deb_1678_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-38 (Perl) File : nvt/glsa_200501_38.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-13 (Perl) File : nvt/glsa_200502_13.nasl |
2008-09-04 | Name : FreeBSD Ports: perl File : nvt/freebsd_perl.nasl |
2008-09-04 | Name : FreeBSD Ports: perl File : nvt/freebsd_perl0.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 620-1 (perl) File : nvt/deb_620_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
28229 | Red Hat Linux Perl Patch Regression Error |
13452 | Perl PERLIO_DEBUG Local Overflow |
13451 | Perl PERLIO_DEBUG Arbitrary File Overwrite |
12588 | Perl File::Path::rmtree Symlink Arbitrary File/Directory Manipulation File::Path::rmtree contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user creates symbolic links to arbitrary files and File::Path::rmtree attempts to delete the arbitrary file. This flaw may lead to a loss of integrity, possibly allowing the attacker change permissions and/or delete the file. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_perl-58_20131015.nasl - Type : ACT_GATHER_INFO |
2008-12-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1678.nasl - Type : ACT_GATHER_INFO |
2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0605.nasl - Type : ACT_GATHER_INFO |
2006-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0605.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-44-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-72-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a5eb760a753c11d9a36f000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c418d4726bd111d993ca000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-103.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200501-38.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-13.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-031.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-105.nasl - Type : ACT_GATHER_INFO |
2005-01-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-620.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:02 |
|