Executive Summary
Summary | |
---|---|
Title | perl security update |
Informations | |||
---|---|---|---|
Name | RHSA-2006:0605 | First vendor Publication | 2006-08-10 |
Vendor | RedHat | Last vendor Modification | 2006-08-10 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated Perl packages that fix security a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Perl is a high-level programming language commonly used for system administration utilities and Web programming. Kevin Finisterre discovered a flaw in sperl, the Perl setuid wrapper, which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. (CVE-2005-0155) A fix for this issue was first included in the update RHSA-2005:103 released in February 2005. However the patch to correct this issue was dropped from the update RHSA-2005:674 made in October 2005. This regression has been assigned CVE-2006-3813. Users of Perl are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2006-0605.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10404 | |||
Oval ID: | oval:org.mitre.oval:def:10404 | ||
Title: | Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | ||
Description: | The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0155 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9456 | |||
Oval ID: | oval:org.mitre.oval:def:9456 | ||
Title: | A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information. | ||
Description: | A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-3813 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Os | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Perl File : nvt/sles9p5013510.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-13 (Perl) File : nvt/glsa_200502_13.nasl |
2008-09-04 | Name : FreeBSD Ports: perl File : nvt/freebsd_perl.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
28229 | Red Hat Linux Perl Patch Regression Error |
13451 | Perl PERLIO_DEBUG Arbitrary File Overwrite |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0605.nasl - Type : ACT_GATHER_INFO |
2006-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0605.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-72-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a5eb760a753c11d9a36f000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-103.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-13.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-031.nasl - Type : ACT_GATHER_INFO |
2005-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-105.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:50:08 |
|
2013-05-11 12:23:34 |
|