Executive Summary
Summary | |
---|---|
Title | perl security update |
Informations | |||
---|---|---|---|
Name | RHSA-2005:881 | First vendor Publication | 2005-12-20 |
Vendor | RedHat | Last vendor Modification | 2005-12-20 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl's format string processor. It is possible for an attacker to cause perl to crash or execute arbitrary code if the attacker is able to process a malicious format string. This issue is only exploitable through a script wich passes arbitrary untrusted strings to the format string processor. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3962 to this issue. Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module removed directory trees. If a local user has write permissions to a subdirectory within the tree being removed by File::Path::rmtree, it is possible for them to create setuid binary files. (CVE-2005-0448) Solar Designer discovered several temporary file bugs in various Perl modules. A local attacker could overwrite or create files as the user running a Perl script that uses a vulnerable module. (CVE-2004-0976) Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues as well as fixes for several bugs. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 123176 - [RFE] Need new perl rpm release that fixes threaded memory leak 135975 - Perl's 'study' function breaks regexp matching 136325 - CVE-2004-0976 temporary file vulnerabilities in Perl 137075 - Apparent utf8 bug in Perl's join() 145215 - garbage after split() 147946 - Man::Pod does not return true 161053 - CVE-2005-0448 perl File::Path.pm rmtree race condition 165078 - Broken POSIX in perl-5.8.0 166732 - 'split'/'index' problem for utf8 172160 - perl bug # 22372: SIGSEGV in sv_chop() 172256 - bits/resource.ph has syntax errors 172317 - (libperl) could not run system-config-printer 174717 - CVE-2005-3962 Perl integer overflow issue 175135 - Cannot set undef timeout in perl 5.8.0 IO::Socket |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-881.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10475 | |||
Oval ID: | oval:org.mitre.oval:def:10475 | ||
Title: | Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | ||
Description: | Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0448 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10598 | |||
Oval ID: | oval:org.mitre.oval:def:10598 | ||
Title: | Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. | ||
Description: | Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3962 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1074 | |||
Oval ID: | oval:org.mitre.oval:def:1074 | ||
Title: | Perl Format String Integer Overflow Vulnerability | ||
Description: | Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3962 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | Perl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:728 | |||
Oval ID: | oval:org.mitre.oval:def:728 | ||
Title: | HP-UX 11 Perl rmtree Race Condition | ||
Description: | Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0448 | Version: | 7 |
Platform(s): | HP-UX 11 | Product(s): | Perl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9752 | |||
Oval ID: | oval:org.mitre.oval:def:9752 | ||
Title: | Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | ||
Description: | Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0976 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 6 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for perl CESA-2010:0458 centos5 i386 File : nvt/gb_CESA-2010_0458_perl_centos5_i386.nasl |
2010-06-11 | Name : RedHat Update for perl RHSA-2010:0458-02 File : nvt/gb_RHSA-2010_0458-02_perl.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for perl File : nvt/sles9p5012473.nasl |
2009-02-13 | Name : FreeBSD Ports: perl File : nvt/freebsd_perl3.nasl |
2009-01-07 | Name : FreeBSD Ports: p5-File-Path File : nvt/freebsd_p5-File-Path.nasl |
2008-12-10 | Name : Debian Security Advisory DSA 1678-1 (perl) File : nvt/deb_1678_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-04 (perl) File : nvt/glsa_200412_04.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-38 (Perl) File : nvt/glsa_200501_38.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200512-01 (Perl) File : nvt/glsa_200512_01.nasl |
2008-09-04 | Name : FreeBSD Ports: perl File : nvt/freebsd_perl1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 620-1 (perl) File : nvt/deb_620_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 696-1 (perl) File : nvt/deb_696_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 943-1 (perl) File : nvt/deb_943_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
22255 | OpenBSD Perl Interpreter sprintf Function Local Overflow A local overflow exists in Perl on OpenBSD. The interpreter can be used to cause a buffer overflow. No futher details have been provided. |
21345 | Perl Explicit Format Parameter Index Overflow Perl contains a flaw that when handling a format string containing an explicit format parameter index that exceeds INT_MAX which can result in an illegal memory access. With a specially crafted request, an attacker can cause the crash of a Perl application resulting in a loss of availability. |
14619 | Perl File::Path::rmtree Function Race Condition Privilege Escalation The Perl File::Path:rmtree function contains a flaw that may allow a malicious local user to change permissions of arbitrary files on system. The issue is due to the way the File::Path::rmtree function handles directory permissions when cleaning up directories. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
11201 | Perl on Trustix Secure Linux Multiple Script Insecure Temporary File Creation Multiple scripts within Perl contain a flaw that may allow a malicious user to overwrite arbitrary files with the permissions of the user running the script. The is due to the scripts' creation of world-writeable symbolic links, which an attacker can make point to any file in the filesystem. When the script uses the symlink to write data later, the newly specified file is overwritten, causing a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_perl-58_20131015.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-674.nasl - Type : ACT_GATHER_INFO |
2009-02-04 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4a99d61cf23a11dd9f550030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-01-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_13b0c8c8bee011dda708001fc66e7203.nasl - Type : ACT_GATHER_INFO |
2008-12-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1678.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-943.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-880.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-881.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_bb33981a7ac611dabf7200123f589060.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-222-2.nasl - Type : ACT_GATHER_INFO |
2006-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-222-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-94-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-16-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-225.nasl - Type : ACT_GATHER_INFO |
2005-12-30 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_071.nasl - Type : ACT_GATHER_INFO |
2005-12-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-881.nasl - Type : ACT_GATHER_INFO |
2005-12-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-880.nasl - Type : ACT_GATHER_INFO |
2005-12-15 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1144.nasl - Type : ACT_GATHER_INFO |
2005-12-15 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1145.nasl - Type : ACT_GATHER_INFO |
2005-12-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200512-01.nasl - Type : ACT_GATHER_INFO |
2005-12-07 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1116.nasl - Type : ACT_GATHER_INFO |
2005-12-07 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1113.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-674.nasl - Type : ACT_GATHER_INFO |
2005-05-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-079.nasl - Type : ACT_GATHER_INFO |
2005-03-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-696.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200501-38.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-031.nasl - Type : ACT_GATHER_INFO |
2005-01-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-620.nasl - Type : ACT_GATHER_INFO |
2004-12-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200412-04.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:49 |
|