Vulnerabilities > CVE-2004-0976 - Unspecified vulnerability in Larry Wall Perl
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN larry-wall
nessus
Summary
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-16-1.NASL description Recently, Trustix Secure Linux discovered some vulnerabilities in the perl package. The utility last seen 2020-06-01 modified 2020-06-02 plugin id 20564 published 2006-01-15 reporter Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20564 title Ubuntu 4.10 : perl vulnerabilities (USN-16-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-16-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20564); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:59"); script_cve_id("CVE-2004-0976"); script_xref(name:"USN", value:"16-1"); script_name(english:"Ubuntu 4.10 : perl vulnerabilities (USN-16-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Recently, Trustix Secure Linux discovered some vulnerabilities in the perl package. The utility 'instmodsh', the Perl package 'PPPort.pm', and several test scripts (which are not shipped and only used during build) created temporary files in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program, or building the perl package, respectively. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcgi-fast-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libperl-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libperl5.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-suid"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"patch_publication_date", value:"2004/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"libcgi-fast-perl", pkgver:"5.8.4-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"libperl-dev", pkgver:"5.8.4-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"libperl5.8", pkgver:"5.8.4-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"perl", pkgver:"5.8.4-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"perl-base", pkgver:"5.8.4-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"perl-debug", pkgver:"5.8.4-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"perl-doc", pkgver:"5.8.4-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"perl-modules", pkgver:"5.8.4-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"perl-suid", pkgver:"5.8.4-2ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcgi-fast-perl / libperl-dev / libperl5.8 / perl / perl-base / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-881.NASL description Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl last seen 2020-06-01 modified 2020-06-02 plugin id 20367 published 2005-12-30 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20367 title RHEL 3 : perl (RHSA-2005:881) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:881. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(20367); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2004-0976", "CVE-2005-0448", "CVE-2005-3962"); script_xref(name:"RHSA", value:"2005:881"); script_name(english:"RHEL 3 : perl (RHSA-2005:881)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl's format string processor. It is possible for an attacker to cause perl to crash or execute arbitrary code if the attacker is able to process a malicious format string. This issue is only exploitable through a script wich passes arbitrary untrusted strings to the format string processor. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3962 to this issue. Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module removed directory trees. If a local user has write permissions to a subdirectory within the tree being removed by File::Path::rmtree, it is possible for them to create setuid binary files. (CVE-2005-0448) Solar Designer discovered several temporary file bugs in various Perl modules. A local attacker could overwrite or create files as the user running a Perl script that uses a vulnerable module. (CVE-2004-0976) Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues as well as fixes for several bugs." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0976" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0448" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3962" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:881" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CGI"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CPAN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-DB_File"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-suidperl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/09"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:881"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"perl-5.8.0-90.4")) flag++; if (rpm_check(release:"RHEL3", reference:"perl-CGI-2.89-90.4")) flag++; if (rpm_check(release:"RHEL3", reference:"perl-CPAN-1.61-90.4")) flag++; if (rpm_check(release:"RHEL3", reference:"perl-DB_File-1.806-90.4")) flag++; if (rpm_check(release:"RHEL3", reference:"perl-suidperl-5.8.0-90.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-CGI / perl-CPAN / perl-DB_File / perl-suidperl"); } }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-031.NASL description Jeroen van Wolffelaar discovered that the rmtree() function in the perl File::Path module would remove directories in an insecure manner which could lead to the removal of arbitrary files and directories via a symlink attack (CVE-2004-0452). Trustix developers discovered several insecure uses of temporary files in many modules which could allow a local attacker to overwrite files via symlink attacks (CVE-2004-0976). last seen 2020-06-01 modified 2020-06-02 plugin id 16360 published 2005-02-10 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16360 title Mandrake Linux Security Advisory : perl (MDKSA-2005:031) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:031. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(16360); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-0452", "CVE-2004-0976", "CVE-2005-0155", "CVE-2005-0156"); script_xref(name:"MDKSA", value:"2005:031"); script_name(english:"Mandrake Linux Security Advisory : perl (MDKSA-2005:031)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Jeroen van Wolffelaar discovered that the rmtree() function in the perl File::Path module would remove directories in an insecure manner which could lead to the removal of arbitrary files and directories via a symlink attack (CVE-2004-0452). Trustix developers discovered several insecure uses of temporary files in many modules which could allow a local attacker to overwrite files via symlink attacks (CVE-2004-0976). 'KF' discovered two vulnerabilities involving setuid-enabled perl scripts. By setting the PERLIO_DEBUG environment variable and calling an arbitrary setuid-root perl script, an attacker could overwrite arbitrary files with perl debug messages (CVE-2005-0155). As well, calling a setuid-root perl script with a very long path would cause a buffer overflow if PERLIO_DEBUG was set, which could be exploited to execute arbitrary files with root privileges (CVE-2005-0156). The provided packages have been patched to resolve these problems." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2005/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"perl-5.8.3-5.3.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"perl-base-5.8.3-5.3.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"perl-devel-5.8.3-5.3.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"perl-doc-5.8.3-5.3.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"perl-5.8.5-3.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"perl-base-5.8.5-3.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"perl-devel-5.8.5-3.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"perl-doc-5.8.5-3.3.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"perl-5.8.1-0.RC4.3.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"perl-base-5.8.1-0.RC4.3.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"perl-devel-5.8.1-0.RC4.3.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", reference:"perl-doc-5.8.1-0.RC4.3.3.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-881.NASL description Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl last seen 2020-06-01 modified 2020-06-02 plugin id 21877 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21877 title CentOS 3 : perl (CESA-2005:881) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:881 and # CentOS Errata and Security Advisory 2005:881 respectively. # include("compat.inc"); if (description) { script_id(21877); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2004-0976", "CVE-2005-0448", "CVE-2005-3962"); script_xref(name:"RHSA", value:"2005:881"); script_name(english:"CentOS 3 : perl (CESA-2005:881)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl's format string processor. It is possible for an attacker to cause perl to crash or execute arbitrary code if the attacker is able to process a malicious format string. This issue is only exploitable through a script wich passes arbitrary untrusted strings to the format string processor. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3962 to this issue. Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module removed directory trees. If a local user has write permissions to a subdirectory within the tree being removed by File::Path::rmtree, it is possible for them to create setuid binary files. (CVE-2005-0448) Solar Designer discovered several temporary file bugs in various Perl modules. A local attacker could overwrite or create files as the user running a Perl script that uses a vulnerable module. (CVE-2004-0976) Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues as well as fixes for several bugs." ); # https://lists.centos.org/pipermail/centos-announce/2005-December/012484.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d3499679" ); # https://lists.centos.org/pipermail/centos-announce/2005-December/012485.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b2e0e61e" ); # https://lists.centos.org/pipermail/centos-announce/2005-December/012491.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ad8f78f3" ); script_set_attribute(attribute:"solution", value:"Update the affected perl packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-CGI"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-CPAN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-DB_File"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-suidperl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/09"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"perl-5.8.0-90.4")) flag++; if (rpm_check(release:"CentOS-3", reference:"perl-CGI-2.89-90.4")) flag++; if (rpm_check(release:"CentOS-3", reference:"perl-CPAN-1.61-90.4")) flag++; if (rpm_check(release:"CentOS-3", reference:"perl-DB_File-1.806-90.4")) flag++; if (rpm_check(release:"CentOS-3", reference:"perl-suidperl-5.8.0-90.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-CGI / perl-CPAN / perl-DB_File / perl-suidperl"); }NASL family Fedora Local Security Checks NASL id FEDORA_2005-1116.NASL description Fixes security vulnerabilites: CVE-2005-3962: http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2 CVE-2005-3912: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912 CVE-2005-0452: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452 CVE-2004-0976: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20258 published 2005-12-07 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20258 title Fedora Core 3 : perl-5.8.5-18.FC3 (2005-1116) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2005-1116. # include("compat.inc"); if (description) { script_id(20258); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2004-0976", "CVE-2005-0452", "CVE-2005-3912"); script_xref(name:"FEDORA", value:"2005-1116"); script_name(english:"Fedora Core 3 : perl-5.8.5-18.FC3 (2005-1116)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixes security vulnerabilites: CVE-2005-3962: http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2 CVE-2005-3912: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912 CVE-2005-0452: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452 CVE-2004-0976: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2 script_set_attribute( attribute:"see_also", value:"http://marc.info/?l=full-disclosure&m=113342788118630&w=2" ); # https://lists.fedoraproject.org/pipermail/announce/2005-December/001619.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d31a6906" ); script_set_attribute( attribute:"solution", value: "Update the affected perl, perl-debuginfo and / or perl-suidperl packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-suidperl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC3", reference:"perl-5.8.5-18.FC3")) flag++; if (rpm_check(release:"FC3", reference:"perl-debuginfo-5.8.5-18.FC3")) flag++; if (rpm_check(release:"FC3", reference:"perl-suidperl-5.8.5-18.FC3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-debuginfo / perl-suidperl"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-620.NASL description Several vulnerabilities have been discovered in Perl, the popular scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0452 Jeroen van Wolffelaar discovered that the rmtree() function in the File::Path module removes directory trees in an insecure manner which could lead to the removal of arbitrary files and directories through a symlink attack. - CAN-2004-0976 Trustix developers discovered several insecure uses of temporary files in many modules which allow a local attacker to overwrite files via a symlink attack. last seen 2020-06-01 modified 2020-06-02 plugin id 16073 published 2005-01-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16073 title Debian DSA-620-1 : perl - insecure temporary files / directories code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-620. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(16073); script_version("1.20"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2004-0452", "CVE-2004-0976"); script_xref(name:"DSA", value:"620"); script_name(english:"Debian DSA-620-1 : perl - insecure temporary files / directories"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in Perl, the popular scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0452 Jeroen van Wolffelaar discovered that the rmtree() function in the File::Path module removes directory trees in an insecure manner which could lead to the removal of arbitrary files and directories through a symlink attack. - CAN-2004-0976 Trustix developers discovered several insecure uses of temporary files in many modules which allow a local attacker to overwrite files via a symlink attack." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-620" ); script_set_attribute( attribute:"solution", value: "Upgrade the perl packages. For the stable distribution (woody) these problems have been fixed in version 5.6.1-8.8." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/02"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"libcgi-fast-perl", reference:"5.6.1-8.8")) flag++; if (deb_check(release:"3.0", prefix:"libperl-dev", reference:"5.6.1-8.8")) flag++; if (deb_check(release:"3.0", prefix:"libperl5.6", reference:"5.6.1-8.8")) flag++; if (deb_check(release:"3.0", prefix:"perl", reference:"5.6.1-8.8")) flag++; if (deb_check(release:"3.0", prefix:"perl-base", reference:"5.6.1-8.8")) flag++; if (deb_check(release:"3.0", prefix:"perl-debug", reference:"5.6.1-8.8")) flag++; if (deb_check(release:"3.0", prefix:"perl-doc", reference:"5.6.1-8.8")) flag++; if (deb_check(release:"3.0", prefix:"perl-modules", reference:"5.6.1-8.8")) flag++; if (deb_check(release:"3.0", prefix:"perl-suid", reference:"5.6.1-8.8")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200412-04.NASL description The remote host is affected by the vulnerability described in GLSA-200412-04 (Perl: Insecure temporary file creation) Some Perl modules create temporary files in world-writable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a Perl script is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 15921 published 2004-12-07 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15921 title GLSA-200412-04 : Perl: Insecure temporary file creation code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200412-04. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(15921); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2004-0976"); script_xref(name:"GLSA", value:"200412-04"); script_name(english:"GLSA-200412-04 : Perl: Insecure temporary file creation"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200412-04 (Perl: Insecure temporary file creation) Some Perl modules create temporary files in world-writable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a Perl script is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"http://www.trustix.org/errata/2004/0050/" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200412-04" ); script_set_attribute( attribute:"solution", value: "All Perl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=perl-5.8.5-r2'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/07"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/perl", unaffected:make_list("rge 5.8.5-r2", "ge 5.8.6-r1"), vulnerable:make_list("lt 5.8.5-r2", "eq 5.8.6"))) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get()); else security_note(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl"); }
Oval
| accepted | 2013-04-29T04:21:52.119-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:9752 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | ||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140058 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://www.securityfocus.com/bid/11294
- http://www.debian.org/security/2004/dsa-620
- http://www.trustix.org/errata/2004/0050
- http://www.redhat.com/support/errata/RHSA-2005-881.html
- http://secunia.com/advisories/18075
- http://fedoranews.org/updates/FEDORA--.shtml
- http://secunia.com/advisories/17661
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
- http://marc.info/?l=bugtraq&m=110547693019788&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752