Test ID: 1.3.6.1.4.1.25623.1.0.56038
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:881
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2005:881.

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

An integer overflow bug was found in Perl's format string processor. It is
possible for an attacker to cause Perl to crash or execute arbitrary code
if the attacker is able to process a malicious format string. This issue
is only exploitable through a script which passes arbitrary untrusted
strings to the format string processor. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3962 to this issue.

Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module
removed directory trees. If a local user has write permissions to a
subdirectory within the tree being removed by File::Path::rmtree, it is
possible for them to create setuid binary files. (CVE-2005-0448)

Solar Designer discovered several temporary file bugs in various Perl
modules. A local attacker could overwrite or create files as the user
running a Perl script that uses a vulnerable module. (CVE-2004-0976)

Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues as well as fixes for
several bugs.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-881.html

Risk factor : Medium

CVSS Score:
4.6

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2004-0976
BugTraq ID: 11294
http://www.securityfocus.com/bid/11294
Debian Security Information: DSA-620 (Google Search)
http://www.debian.org/security/2004/dsa-620
http://fedoranews.org/updates/FEDORA--.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
http://marc.info/?l=bugtraq&m=110547693019788&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752
http://www.redhat.com/support/errata/RHSA-2005-881.html
http://secunia.com/advisories/17661
http://secunia.com/advisories/18075
http://www.trustix.org/errata/2004/0050
XForce ISS Database: script-temporary-file-overwrite(17583)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Common Vulnerability Exposure (CVE) ID: CVE-2005-0448
BugTraq ID: 12767
http://www.securityfocus.com/bid/12767
Conectiva Linux advisory: CLSA-2006:1056
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
Debian Security Information: DSA-696 (Google Search)
http://www.debian.org/security/2005/dsa-696
http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml
HP Security Advisory: HPSBUX01208
http://www.securityfocus.com/advisories/8704
HP Security Advisory: SSRT5938
http://www.mandriva.com/security/advisories?name=MDKSA-2005:079
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728
http://www.redhat.com/support/errata/RHSA-2005-674.html
http://secunia.com/advisories/14531
http://secunia.com/advisories/17079
http://secunia.com/advisories/18517
http://secunia.com/advisories/55314
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
https://usn.ubuntu.com/94-1/
Common Vulnerability Exposure (CVE) ID: CVE-2005-3962
102192
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
15629
http://www.securityfocus.com/bid/15629
17762
http://secunia.com/advisories/17762
17802
http://secunia.com/advisories/17802
17844
http://secunia.com/advisories/17844
17941
http://secunia.com/advisories/17941
17952
http://secunia.com/advisories/17952
17993
http://secunia.com/advisories/17993
18075
18183
http://secunia.com/advisories/18183
18187
http://secunia.com/advisories/18187
18295
http://secunia.com/advisories/18295
18413
http://secunia.com/advisories/18413
18517
19041
http://secunia.com/advisories/19041
20051201 Perl format string integer wrap vulnerability
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
http://www.securityfocus.com/archive/1/418333/100/0/threaded
20060101-01-U
20894
http://secunia.com/advisories/20894
21345
http://www.osvdb.org/21345
22255
http://www.osvdb.org/22255
23155
http://secunia.com/advisories/23155
31208
http://secunia.com/advisories/31208
ADV-2005-2688
http://www.vupen.com/english/advisories/2005/2688
ADV-2006-0771
http://www.vupen.com/english/advisories/2006/0771
ADV-2006-2613
http://www.vupen.com/english/advisories/2006/2613
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
CLSA-2006:1056
DSA-943
http://www.debian.org/security/2006/dsa-943
FLSA-2006:176731
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
GLSA-200512-01
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
HPSBTU02125
http://www.securityfocus.com/archive/1/438726/100/0/threaded
MDKSA-2005:225
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
OpenPKG-SA-2005.025
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
RHSA-2005:880
http://www.redhat.com/support/errata/RHSA-2005-880.html
RHSA-2005:881
SSRT061105
SUSE-SA:2005:071
http://www.novell.com/linux/security/advisories/2005_71_perl.html
SUSE-SR:2005:029
http://www.novell.com/linux/security/advisories/2005_29_sr.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
TSLSA-2005-0070
http://www.trustix.org/errata/2005/0070
USN-222-1
https://usn.ubuntu.com/222-1/
VU#948385
http://www.kb.cert.org/vuls/id/948385
[3.7] 20060105 007: SECURITY FIX: January 5, 2006
http://www.openbsd.org/errata37.html#perl
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
http://docs.info.apple.com/article.html?artnum=304829
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.dyadsecurity.com/perl-0002.html
http://www.ipcop.org/index.php?name=News&file=article&sid=41
oval:org.mitre.oval:def:10598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
oval:org.mitre.oval:def:1074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
