 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.51288 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu 4.10 USN-72-1 (perl) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to perl announced via advisory USN-72-1. Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered. The package 'perl-suid' provides a wrapper around perl which allows to use setuid-root perl scripts, i.e. user-callable Perl scripts which have full root privileges. Previous versions allowed users to overwrite arbitrary files by setting the PERLIO_DEBUG environment variable and calling an arbitrary setuid-root perl script. The file that PERLIO_DEBUG points to was then overwritten by Perl debug messages. This did not allow precise control over the file content, but could destroy important data. PERLIO_DEBUG is now ignored for setuid scripts. (CVE-2005-0155) In addition, calling a setuid-root perl script with a very long path caused a buffer overflow if PERLIO_DEBUG was set. This buffer overflow could be exploited to execute arbitrary files with full root privileges. (CVE-2005-0156) The following packages are affected: perl Solution: The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.3. In general, a standard system upgrade is sufficient to effect the necessary changes. http://lists.ubuntu.com/archives/ubuntu-security-announce/2005-February/000074.html Risk factor : Medium CVSS Score: 4.6 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-0155 BugTraq ID: 12426 http://www.securityfocus.com/bid/12426 Bugtraq: 20050202 [USN-72-1] Perl vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110737149402683&w=2 Conectiva Linux advisory: CLSA-2006:1056 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 http://fedoranews.org/updates/FEDORA--.shtml http://marc.info/?l=full-disclosure&m=110779723332339&w=2 http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:031 http://www.digitalmunition.com/DMA[2005-0131a].txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404 http://www.redhat.com/support/errata/RHSA-2005-103.html http://www.redhat.com/support/errata/RHSA-2005-105.html http://secunia.com/advisories/14120 http://secunia.com/advisories/21646 http://www.trustix.org/errata/2005/0003/ XForce ISS Database: perl-perliodebug-file-overwrite(19207) https://exchange.xforce.ibmcloud.com/vulnerabilities/19207 Common Vulnerability Exposure (CVE) ID: CVE-2005-0156 http://marc.info/?l=full-disclosure&m=110779721503111&w=2 http://www.digitalmunition.com/DMA[2005-0131b].txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803 http://secunia.com/advisories/55314 XForce ISS Database: perl-perliodebug-bo(19208) https://exchange.xforce.ibmcloud.com/vulnerabilities/19208 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |