Vulnerabilities > CVE-2004-0976 - Unspecified vulnerability in Larry Wall Perl

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
larry-wall
nessus

Summary

Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-16-1.NASL
    descriptionRecently, Trustix Secure Linux discovered some vulnerabilities in the perl package. The utility
    last seen2020-06-01
    modified2020-06-02
    plugin id20564
    published2006-01-15
    reporterUbuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20564
    titleUbuntu 4.10 : perl vulnerabilities (USN-16-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-16-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20564);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:59");
    
      script_cve_id("CVE-2004-0976");
      script_xref(name:"USN", value:"16-1");
    
      script_name(english:"Ubuntu 4.10 : perl vulnerabilities (USN-16-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Recently, Trustix Secure Linux discovered some vulnerabilities in the
    perl package. The utility 'instmodsh', the Perl package 'PPPort.pm',
    and several test scripts (which are not shipped and only used during
    build) created temporary files in an insecure way, which could allow a
    symlink attack to create or overwrite arbitrary files with the
    privileges of the user invoking the program, or building the perl
    package, respectively.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcgi-fast-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libperl-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libperl5.8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-suid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"4.10", pkgname:"libcgi-fast-perl", pkgver:"5.8.4-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"libperl-dev", pkgver:"5.8.4-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"libperl5.8", pkgver:"5.8.4-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl", pkgver:"5.8.4-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-base", pkgver:"5.8.4-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-debug", pkgver:"5.8.4-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-doc", pkgver:"5.8.4-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-modules", pkgver:"5.8.4-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-suid", pkgver:"5.8.4-2ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcgi-fast-perl / libperl-dev / libperl5.8 / perl / perl-base / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-881.NASL
    descriptionUpdated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl
    last seen2020-06-01
    modified2020-06-02
    plugin id20367
    published2005-12-30
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20367
    titleRHEL 3 : perl (RHSA-2005:881)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:881. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20367);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2004-0976", "CVE-2005-0448", "CVE-2005-3962");
      script_xref(name:"RHSA", value:"2005:881");
    
      script_name(english:"RHEL 3 : perl (RHSA-2005:881)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Perl packages that fix security issues and bugs are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Perl is a high-level programming language commonly used for system
    administration utilities and Web programming.
    
    An integer overflow bug was found in Perl's format string processor.
    It is possible for an attacker to cause perl to crash or execute
    arbitrary code if the attacker is able to process a malicious format
    string. This issue is only exploitable through a script wich passes
    arbitrary untrusted strings to the format string processor. The Common
    Vulnerabilities and Exposures project assigned the name CVE-2005-3962
    to this issue.
    
    Paul Szabo discovered a bug in the way Perl's File::Path::rmtree
    module removed directory trees. If a local user has write permissions
    to a subdirectory within the tree being removed by File::Path::rmtree,
    it is possible for them to create setuid binary files. (CVE-2005-0448)
    
    Solar Designer discovered several temporary file bugs in various Perl
    modules. A local attacker could overwrite or create files as the user
    running a Perl script that uses a vulnerable module. (CVE-2004-0976)
    
    Users of Perl are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues as well as fixes
    for several bugs."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3962"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:881"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CPAN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-DB_File");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:881";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"perl-5.8.0-90.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"perl-CGI-2.89-90.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"perl-CPAN-1.61-90.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"perl-DB_File-1.806-90.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"perl-suidperl-5.8.0-90.4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-CGI / perl-CPAN / perl-DB_File / perl-suidperl");
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-031.NASL
    descriptionJeroen van Wolffelaar discovered that the rmtree() function in the perl File::Path module would remove directories in an insecure manner which could lead to the removal of arbitrary files and directories via a symlink attack (CVE-2004-0452). Trustix developers discovered several insecure uses of temporary files in many modules which could allow a local attacker to overwrite files via symlink attacks (CVE-2004-0976).
    last seen2020-06-01
    modified2020-06-02
    plugin id16360
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16360
    titleMandrake Linux Security Advisory : perl (MDKSA-2005:031)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:031. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16360);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2004-0452", "CVE-2004-0976", "CVE-2005-0155", "CVE-2005-0156");
      script_xref(name:"MDKSA", value:"2005:031");
    
      script_name(english:"Mandrake Linux Security Advisory : perl (MDKSA-2005:031)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Jeroen van Wolffelaar discovered that the rmtree() function in the
    perl File::Path module would remove directories in an insecure manner
    which could lead to the removal of arbitrary files and directories via
    a symlink attack (CVE-2004-0452).
    
    Trustix developers discovered several insecure uses of temporary files
    in many modules which could allow a local attacker to overwrite files
    via symlink attacks (CVE-2004-0976).
    
    'KF' discovered two vulnerabilities involving setuid-enabled perl
    scripts. By setting the PERLIO_DEBUG environment variable and calling
    an arbitrary setuid-root perl script, an attacker could overwrite
    arbitrary files with perl debug messages (CVE-2005-0155). As well,
    calling a setuid-root perl script with a very long path would cause a
    buffer overflow if PERLIO_DEBUG was set, which could be exploited to
    execute arbitrary files with root privileges (CVE-2005-0156).
    
    The provided packages have been patched to resolve these problems."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", reference:"perl-5.8.3-5.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"perl-base-5.8.3-5.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"perl-devel-5.8.3-5.3.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"perl-doc-5.8.3-5.3.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.1", reference:"perl-5.8.5-3.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"perl-base-5.8.5-3.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"perl-devel-5.8.5-3.3.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"perl-doc-5.8.5-3.3.101mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.2", reference:"perl-5.8.1-0.RC4.3.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"perl-base-5.8.1-0.RC4.3.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"perl-devel-5.8.1-0.RC4.3.3.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"perl-doc-5.8.1-0.RC4.3.3.92mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-881.NASL
    descriptionUpdated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl
    last seen2020-06-01
    modified2020-06-02
    plugin id21877
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21877
    titleCentOS 3 : perl (CESA-2005:881)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:881 and 
    # CentOS Errata and Security Advisory 2005:881 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21877);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2004-0976", "CVE-2005-0448", "CVE-2005-3962");
      script_xref(name:"RHSA", value:"2005:881");
    
      script_name(english:"CentOS 3 : perl (CESA-2005:881)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Perl packages that fix security issues and bugs are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Perl is a high-level programming language commonly used for system
    administration utilities and Web programming.
    
    An integer overflow bug was found in Perl's format string processor.
    It is possible for an attacker to cause perl to crash or execute
    arbitrary code if the attacker is able to process a malicious format
    string. This issue is only exploitable through a script wich passes
    arbitrary untrusted strings to the format string processor. The Common
    Vulnerabilities and Exposures project assigned the name CVE-2005-3962
    to this issue.
    
    Paul Szabo discovered a bug in the way Perl's File::Path::rmtree
    module removed directory trees. If a local user has write permissions
    to a subdirectory within the tree being removed by File::Path::rmtree,
    it is possible for them to create setuid binary files. (CVE-2005-0448)
    
    Solar Designer discovered several temporary file bugs in various Perl
    modules. A local attacker could overwrite or create files as the user
    running a Perl script that uses a vulnerable module. (CVE-2004-0976)
    
    Users of Perl are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues as well as fixes
    for several bugs."
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-December/012484.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d3499679"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-December/012485.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b2e0e61e"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-December/012491.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ad8f78f3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-CPAN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-DB_File");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"perl-5.8.0-90.4")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"perl-CGI-2.89-90.4")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"perl-CPAN-1.61-90.4")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"perl-DB_File-1.806-90.4")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"perl-suidperl-5.8.0-90.4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-CGI / perl-CPAN / perl-DB_File / perl-suidperl");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-1116.NASL
    descriptionFixes security vulnerabilites: CVE-2005-3962: http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2 CVE-2005-3912: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912 CVE-2005-0452: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452 CVE-2004-0976: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20258
    published2005-12-07
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20258
    titleFedora Core 3 : perl-5.8.5-18.FC3 (2005-1116)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-1116.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(20258);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_cve_id("CVE-2004-0976", "CVE-2005-0452", "CVE-2005-3912");
      script_xref(name:"FEDORA", value:"2005-1116");
    
      script_name(english:"Fedora Core 3 : perl-5.8.5-18.FC3 (2005-1116)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes security vulnerabilites: CVE-2005-3962:
    http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
    CVE-2005-3912:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912
    CVE-2005-0452:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452
    CVE-2004-0976:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
      script_set_attribute(
        attribute:"see_also",
        value:"http://marc.info/?l=full-disclosure&m=113342788118630&w=2"
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-December/001619.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d31a6906"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected perl, perl-debuginfo and / or perl-suidperl
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC3", reference:"perl-5.8.5-18.FC3")) flag++;
    if (rpm_check(release:"FC3", reference:"perl-debuginfo-5.8.5-18.FC3")) flag++;
    if (rpm_check(release:"FC3", reference:"perl-suidperl-5.8.5-18.FC3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-debuginfo / perl-suidperl");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-620.NASL
    descriptionSeveral vulnerabilities have been discovered in Perl, the popular scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0452 Jeroen van Wolffelaar discovered that the rmtree() function in the File::Path module removes directory trees in an insecure manner which could lead to the removal of arbitrary files and directories through a symlink attack. - CAN-2004-0976 Trustix developers discovered several insecure uses of temporary files in many modules which allow a local attacker to overwrite files via a symlink attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id16073
    published2005-01-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16073
    titleDebian DSA-620-1 : perl - insecure temporary files / directories
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-620. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16073);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2004-0452", "CVE-2004-0976");
      script_xref(name:"DSA", value:"620");
    
      script_name(english:"Debian DSA-620-1 : perl - insecure temporary files / directories");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in Perl, the popular
    scripting language. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CAN-2004-0452
        Jeroen van Wolffelaar discovered that the rmtree()
        function in the File::Path module removes directory
        trees in an insecure manner which could lead to the
        removal of arbitrary files and directories through a
        symlink attack.
    
      - CAN-2004-0976
    
        Trustix developers discovered several insecure uses of
        temporary files in many modules which allow a local
        attacker to overwrite files via a symlink attack."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-620"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the perl packages.
    
    For the stable distribution (woody) these problems have been fixed in
    version 5.6.1-8.8."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/12/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/02");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"libcgi-fast-perl", reference:"5.6.1-8.8")) flag++;
    if (deb_check(release:"3.0", prefix:"libperl-dev", reference:"5.6.1-8.8")) flag++;
    if (deb_check(release:"3.0", prefix:"libperl5.6", reference:"5.6.1-8.8")) flag++;
    if (deb_check(release:"3.0", prefix:"perl", reference:"5.6.1-8.8")) flag++;
    if (deb_check(release:"3.0", prefix:"perl-base", reference:"5.6.1-8.8")) flag++;
    if (deb_check(release:"3.0", prefix:"perl-debug", reference:"5.6.1-8.8")) flag++;
    if (deb_check(release:"3.0", prefix:"perl-doc", reference:"5.6.1-8.8")) flag++;
    if (deb_check(release:"3.0", prefix:"perl-modules", reference:"5.6.1-8.8")) flag++;
    if (deb_check(release:"3.0", prefix:"perl-suid", reference:"5.6.1-8.8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200412-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200412-04 (Perl: Insecure temporary file creation) Some Perl modules create temporary files in world-writable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a Perl script is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id15921
    published2004-12-07
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15921
    titleGLSA-200412-04 : Perl: Insecure temporary file creation
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200412-04.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15921);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      script_cve_id("CVE-2004-0976");
      script_xref(name:"GLSA", value:"200412-04");
    
      script_name(english:"GLSA-200412-04 : Perl: Insecure temporary file creation");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200412-04
    (Perl: Insecure temporary file creation)
    
        Some Perl modules create temporary files in world-writable
        directories with predictable names.
      
    Impact :
    
        A local attacker could create symbolic links in the temporary
        files directory, pointing to a valid file somewhere on the filesystem.
        When a Perl script is executed, this would result in the file being
        overwritten with the rights of the user running the utility, which
        could be the root user.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.trustix.org/errata/2004/0050/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200412-04"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Perl users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=perl-5.8.5-r2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/07");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/perl", unaffected:make_list("rge 5.8.5-r2", "ge 5.8.6-r1"), vulnerable:make_list("lt 5.8.5-r2", "eq 5.8.6"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl");
    }
    

Oval

accepted2013-04-29T04:21:52.119-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionMultiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
familyunix
idoval:org.mitre.oval:def:9752
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
version26

Redhat

advisories
rhsa
idRHSA-2005:881
rpms
  • perl-2:5.8.0-90.4
  • perl-CGI-2:2.89-90.4
  • perl-CPAN-2:1.61-90.4
  • perl-DB_File-2:1.806-90.4
  • perl-suidperl-2:5.8.0-90.4

Statements

contributorMark J Cox
lastmodified2007-03-14
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140058 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.