Executive Summary

Summary
Title Updated Perl packages fix security issues
Informations
Name RHSA-2005:105 First vendor Publication 2005-02-07
Vendor RedHat Last vendor Modification 2005-02-07
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system administration utilities and Web programming.

Kevin Finisterre discovered a stack based buffer overflow flaw in sperl, the Perl setuid wrapper. A local user could create a sperl executable script with a carefully created path name, overflowing the buffer and leading to root privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0156 to this issue.

Kevin Finisterre discovered a flaw in sperl which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0155 to this issue.

Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146737 - CAN-2005-0155 multiple setuid perl issues (CAN-2005-0156) 140227 - Potential insecurity in CGI.pm

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-105.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10404
 
Oval ID: oval:org.mitre.oval:def:10404
Title: Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
Description: The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0155
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10803
 
Oval ID: oval:org.mitre.oval:def:10803
Title: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Description: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0156
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18549
 
Oval ID: oval:org.mitre.oval:def:18549
Title: DSA-1678-1 perl - privilege escalation
Description: Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as <a href="http://security-tracker.debian.org/tracker/CVE-2005-0448">CVE-2005-0448</a> and <a href="http://security-tracker.debian.org/tracker/CVE-2004-0452">CVE-2004-0452</a>, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.
Family: unix Class: patch
Reference(s): DSA-1678-1
CVE-2008-5302
CVE-2008-5303
CVE-2005-0448
CVE-2004-0452
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7799
 
Oval ID: oval:org.mitre.oval:def:7799
Title: DSA-1678 perl -- design flaws
Description: Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.
Family: unix Class: patch
Reference(s): DSA-1678
CVE-2008-5302
CVE-2008-5303
CVE-2005-0448
CVE-2004-0452
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9938
 
Oval ID: oval:org.mitre.oval:def:9938
Title: Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
Description: Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0452
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 11
Application 1
Os 2
Os 3
Os 1
Os 1
Os 8
Os 4
Os 2

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for perl CESA-2010:0458 centos5 i386
File : nvt/gb_CESA-2010_0458_perl_centos5_i386.nasl
2010-06-11 Name : RedHat Update for perl RHSA-2010:0458-02
File : nvt/gb_RHSA-2010_0458-02_perl.nasl
2009-10-10 Name : SLES9: Security update for Perl
File : nvt/sles9p5013510.nasl
2009-02-13 Name : FreeBSD Ports: perl
File : nvt/freebsd_perl3.nasl
2009-01-07 Name : FreeBSD Ports: p5-File-Path
File : nvt/freebsd_p5-File-Path.nasl
2008-12-10 Name : Debian Security Advisory DSA 1678-1 (perl)
File : nvt/deb_1678_1.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200501-38 (Perl)
File : nvt/glsa_200501_38.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200502-13 (Perl)
File : nvt/glsa_200502_13.nasl
2008-09-04 Name : FreeBSD Ports: perl
File : nvt/freebsd_perl.nasl
2008-09-04 Name : FreeBSD Ports: perl
File : nvt/freebsd_perl0.nasl
2008-01-17 Name : Debian Security Advisory DSA 620-1 (perl)
File : nvt/deb_620_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
28229 Red Hat Linux Perl Patch Regression Error

13452 Perl PERLIO_DEBUG Local Overflow

13451 Perl PERLIO_DEBUG Arbitrary File Overwrite

12588 Perl File::Path::rmtree Symlink Arbitrary File/Directory Manipulation

File::Path::rmtree contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user creates symbolic links to arbitrary files and File::Path::rmtree attempts to delete the arbitrary file. This flaw may lead to a loss of integrity, possibly allowing the attacker change permissions and/or delete the file.

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_perl-58_20131015.nasl - Type : ACT_GATHER_INFO
2008-12-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1678.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0605.nasl - Type : ACT_GATHER_INFO
2006-08-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0605.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-44-1.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-72-1.nasl - Type : ACT_GATHER_INFO
2005-07-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_a5eb760a753c11d9a36f000a95bc6fae.nasl - Type : ACT_GATHER_INFO
2005-07-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c418d4726bd111d993ca000a95bc6fae.nasl - Type : ACT_GATHER_INFO
2005-02-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-103.nasl - Type : ACT_GATHER_INFO
2005-02-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200501-38.nasl - Type : ACT_GATHER_INFO
2005-02-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200502-13.nasl - Type : ACT_GATHER_INFO
2005-02-10 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-031.nasl - Type : ACT_GATHER_INFO
2005-02-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-105.nasl - Type : ACT_GATHER_INFO
2005-01-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-620.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:49:02
  • Multiple Updates