Test ID: 1.3.6.1.4.1.25623.1.0.56172
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLSA-2006:1056
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLSA-2006:1056.

This announcement fixes the following four vulnerabilities in perl:

CVE-2005-0448
Race condition in the rmtree function in File::Path.pm in
Perl allows local users to create arbitrary setuid binaries
in the tree being deleted.

CVE-2005-0155
The PerlIO implementation in Perl 5.8.0, when installed with
setuid support (sperl), allows local users to create arbitrary
files via the PERLIO_DEBUG variable.

CVE-2005-0156
Buffer overflow in the PerlIO implementation in Perl 5.8.0,
when installed with setuid support (sperl), allows local users
to execute arbitrary code by setting the PERLIO_DEBUG variable
and executing a Perl script whose full pathname contains a long
directory tree.

CVE-2005-3962
Integer overflow in the format string functionality
(Perl_sv_vcatpvfn) in Perl 5.9.2 and Perl 5.8.6 allows
attackers to overwrite arbitrary memory and possibly execute
arbitrary code via format string specifiers with large values,
which causes an integer wrap.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001056
http://www.perl.org/

Risk factor: Medium

CVSS Score: 4.6

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0448
BugTraq ID: 12767
http://www.securityfocus.com/bid/12767
Conectiva Linux advisory: CLSA-2006:1056
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
Debian Security Information: DSA-696 (Google Search)
http://www.debian.org/security/2005/dsa-696
http://fedoranews.org/updates/FEDORA--.shtml
http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml
HPdes Security Advisory: HPSBUX01208
http://www.securityfocus.com/advisories/8704
HPdes Security Advisory: SSRT5938
http://www.mandriva.com/security/advisories?name=MDKSA-2005:079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728
http://www.redhat.com/support/errata/RHSA-2005-674.html
http://www.redhat.com/support/errata/RHSA-2005-881.html
http://secunia.com/advisories/14531
http://secunia.com/advisories/17079
http://secunia.com/advisories/18075
http://secunia.com/advisories/18517
http://secunia.com/advisories/55314
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
https://usn.ubuntu.com/94-1/
Common Vulnerability Exposure (CVE) ID: CVE-2005-0155
BugTraq ID: 12426
http://www.securityfocus.com/bid/12426
Bugtraq: 20050202 [USN-72-1] Perl vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110737149402683&w=2
http://marc.info/?l=full-disclosure&m=110779723332339&w=2
http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
http://www.digitalmunition.com/DMA[2005-0131a].txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404
http://www.redhat.com/support/errata/RHSA-2005-103.html
http://www.redhat.com/support/errata/RHSA-2005-105.html
http://secunia.com/advisories/14120
http://secunia.com/advisories/21646
http://www.trustix.org/errata/2005/0003/
XForce ISS Database: perl-perliodebug-file-overwrite(19207)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19207
Common Vulnerability Exposure (CVE) ID: CVE-2005-0156
http://marc.info/?l=full-disclosure&m=110779721503111&w=2
http://www.digitalmunition.com/DMA[2005-0131b].txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803
XForce ISS Database: perl-perliodebug-bo(19208)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19208
Common Vulnerability Exposure (CVE) ID: CVE-2005-3962
102192
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
15629
http://www.securityfocus.com/bid/15629
17762
http://secunia.com/advisories/17762
17802
http://secunia.com/advisories/17802
17844
http://secunia.com/advisories/17844
17941
http://secunia.com/advisories/17941
17952
http://secunia.com/advisories/17952
17993
http://secunia.com/advisories/17993
18075
18183
http://secunia.com/advisories/18183
18187
http://secunia.com/advisories/18187
18295
http://secunia.com/advisories/18295
18413
http://secunia.com/advisories/18413
18517
19041
http://secunia.com/advisories/19041
20051201 Perl format string integer wrap vulnerability
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
http://www.securityfocus.com/archive/1/418333/100/0/threaded
20060101-01-U
20894
http://secunia.com/advisories/20894
21345
http://www.osvdb.org/21345
22255
http://www.osvdb.org/22255
23155
http://secunia.com/advisories/23155
31208
http://secunia.com/advisories/31208
ADV-2005-2688
http://www.vupen.com/english/advisories/2005/2688
ADV-2006-0771
http://www.vupen.com/english/advisories/2006/0771
ADV-2006-2613
http://www.vupen.com/english/advisories/2006/2613
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
CLSA-2006:1056
DSA-943
http://www.debian.org/security/2006/dsa-943
FLSA-2006:176731
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
GLSA-200512-01
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
HPSBTU02125
http://www.securityfocus.com/archive/1/438726/100/0/threaded
MDKSA-2005:225
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
OpenPKG-SA-2005.025
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
RHSA-2005:880
http://www.redhat.com/support/errata/RHSA-2005-880.html
RHSA-2005:881
SSRT061105
SUSE-SA:2005:071
http://www.novell.com/linux/security/advisories/2005_71_perl.html
SUSE-SR:2005:029
http://www.novell.com/linux/security/advisories/2005_29_sr.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
TSLSA-2005-0070
http://www.trustix.org/errata/2005/0070
USN-222-1
https://usn.ubuntu.com/222-1/
VU#948385
http://www.kb.cert.org/vuls/id/948385
[3.7] 20060105 007: SECURITY FIX: January 5, 2006
http://www.openbsd.org/errata37.html#perl
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.dyadsecurity.com/perl-0002.html
http://www.ipcop.org/index.php?name=News&file=article&sid=41
oval:org.mitre.oval:def:10598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
oval:org.mitre.oval:def:1074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
