Test ID: 1.3.6.1.4.1.25623.1.0.56038
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:881
Summary: Redhat Security Advisory RHSA-2005:881
Description:
The remote host is missing updates announced in
advisory RHSA-2005:881.

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

An integer overflow bug was found in Perl's format string processor. It is
possible for an attacker to cause perl to crash or execute arbitrary code
if the attacker is able to process a malicious format string. This issue
is only exploitable through a script which passes arbitrary untrusted
strings to the format string processor. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3962 to this issue.

Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module
removed directory trees. If a local user has write permissions to a
subdirectory within the tree being removed by File::Path::rmtree, it is
possible for them to create setuid binary files. (CVE-2005-0448)

Solar Designer discovered several temporary file bugs in various Perl
modules. A local attacker could overwrite or create files as the user
running a Perl script that uses a vulnerable module. (CVE-2004-0976)

Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues as well as fixes for
several bugs.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-881.html

Risk factor: Medium
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0976
Debian Security Information: DSA-620
http://www.debian.org/security/2004/dsa-620
http://fedoranews.org/updates/FEDORA--.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
http://www.redhat.com/support/errata/RHSA-2005-881.html
http://www.trustix.org/errata/2004/0050
http://marc.theaimsgroup.com/?l=bugtraq&m=110547693019788&w=2
BugTraq ID: 11294
http://www.securityfocus.com/bid/11294
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9752
http://secunia.com/advisories/18075
http://secunia.com/advisories/17661
XForce ISS Database: script-temporary-file-overwrite(17583)
http://xforce.iss.net/xforce/xfdb/17583
Common Vulnerability Exposure (CVE) ID: CVE-2005-0448
Conectiva Linux advisory: CLSA-2006:1056
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
Debian Security Information: DSA-696
http://www.debian.org/security/2005/dsa-696
http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml
HPdes Security Advisory: HPSBUX01208
http://www.securityfocus.com/advisories/8704
HPdes Security Advisory: SSRT5938
http://www.mandriva.com/security/advisories?name=MDKSA-2005:079
http://www.redhat.com/support/errata/RHSA-2005-674.html
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://www.ubuntulinux.org/support/documentation/usn/usn-94-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:728
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10475
BugTraq ID: 12767
http://www.securityfocus.com/bid/12767
http://secunia.com/advisories/14531
http://secunia.com/advisories/18517
http://secunia.com/advisories/17079
http://secunia.com/advisories/55314
Common Vulnerability Exposure (CVE) ID: CVE-2005-3962
http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
Bugtraq: 20051201 Perl format string integer wrap vulnerability
http://www.securityfocus.com/archive/1/archive/1/418333/100/0/threaded
http://www.dyadsecurity.com/perl-0002.html
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
Debian Security Information: DSA-943
http://www.debian.org/security/2006/dsa-943
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
HPdes Security Advisory: HPSBTU02125
http://www.securityfocus.com/archive/1/archive/1/438726/100/0/threaded
HPdes Security Advisory: SSRT061105
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
OpenBSD Security Advisory: [3.7] 20060105 007: SECURITY FIX: January 5, 2006
http://www.openbsd.org/errata37.html#perl
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
http://www.redhat.com/support/errata/RHSA-2005-880.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
SuSE Security Announcement: SUSE-SA:2005:071
http://www.novell.com/linux/security/advisories/2005_71_perl.html
SuSE Security Announcement: SUSE-SR:2005:029
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.trustix.org/errata/2005/0070
http://www.ubuntulinux.org/support/documentation/usn/usn-222-1
Cert/CC Advisory: TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
CERT/CC vulnerability note: VU#948385
http://www.kb.cert.org/vuls/id/948385
BugTraq ID: 15629
http://www.securityfocus.com/bid/15629
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10598
http://www.vupen.com/english/advisories/2005/2688
http://www.vupen.com/english/advisories/2006/0771
http://www.vupen.com/english/advisories/2006/2613
http://www.vupen.com/english/advisories/2006/4750
http://www.osvdb.org/21345
http://www.osvdb.org/22255
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1074
http://secunia.com/advisories/17802
http://secunia.com/advisories/17844
http://secunia.com/advisories/17762
http://secunia.com/advisories/17941
http://secunia.com/advisories/17952
http://secunia.com/advisories/18183
http://secunia.com/advisories/18187
http://secunia.com/advisories/18295
http://secunia.com/advisories/17993
http://secunia.com/advisories/19041
http://secunia.com/advisories/18413
http://secunia.com/advisories/20894
http://secunia.com/advisories/23155
http://secunia.com/advisories/31208
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
