CVE-2005-0077 - Insecure Temporary File Creation vulnerability in Libdbi-perl
Metric | Value |
---|---|
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
OS | | 1 |
OS | | 4 |
OS | | 1 |
Nessus
- NASL family: Red Hat Local Security Checks
  - NASL id: REDHAT-RHSA-2005-069.NASL
  - description: An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available. DBI is a database access Application Programming Interface (API) for the Perl programming language. The Debian Security Audit Project discovered that the DBI library creates a temporary PID file in an insecure manner. A local user could overwrite or create files as a different user who happens to run an application which uses DBI::ProxyServer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0077 to this issue. Users should update to this erratum package which disables the temporary PID file unless configured.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 16298
  - published: 2005-02-02
  - reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/16298
  - title: RHEL 2.1 / 3 : perl (RHSA-2005:069)
- NASL family: Gentoo Local Security Checks
  - NASL id: GENTOO_GLSA-200501-38.NASL
  - description: The remote host is affected by the vulnerability described in GLSA-200501-38 (Perl: rmtree and DBI tmpfile vulnerabilities) Javier Fernandez-Sanguino Pena discovered that the DBI library creates temporary files in an insecure, predictable way (CAN-2005-0077). Paul Szabo found out that
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 16429
  - published: 2005-02-14
  - reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/16429
  - title: GLSA-200501-38 : Perl: rmtree and DBI tmpfile vulnerabilities
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE9_9838.NASL
  - description: This update fixes insecure temp. file handling. (CVE-2005-0077)
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 41346
  - published: 2009-09-24
  - reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/41346
  - title: SuSE9 Security Update : perl-DBI (YOU Patch Number 9838)
- NASL family: Red Hat Local Security Checks
  - NASL id: REDHAT-RHSA-2005-072.NASL
  - description: An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. DBI is a database access Application Programming Interface (API) for the Perl programming language. The Debian Security Audit Project discovered that the DBI library creates a temporary PID file in an insecure manner. A local user could overwrite or create files as a different user who happens to run an application which uses DBI::ProxyServer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0077 to this issue. Users should update to this erratum package which disables the temporary PID file unless configured.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 17180
  - published: 2005-02-22
  - reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/17180
  - title: RHEL 4 : perl-DBI (RHSA-2005:072)
- NASL family: Ubuntu Local Security Checks
  - NASL id: UBUNTU_USN-70-1.NASL
  - description: Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered that the module DBI::ProxyServer in Perl
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 20691
  - published: 2006-01-15
  - reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/20691
  - title: Ubuntu 4.10 : libdbi-perl vulnerabilities (USN-70-1)
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DSA-658.NASL
  - description: Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 16249
  - published: 2005-01-25
  - reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/16249
  - title: Debian DSA-658-1 : libdbi-perl - insecure temporary file
- NASL family: FreeBSD Local Security Checks
  - NASL id: FREEBSD_PKG_8CFB6F42D2B011DAA672000E0C2E438A.NASL
  - description: Javier Fernandez-Sanguino Pena reports : The DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 21470
  - published: 2006-05-13
  - reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/21470
  - title: FreeBSD : p5-DBI -- insecure temporary file creation vulnerability (8cfb6f42-d2b0-11da-a672-000e0c2e438a)
- NASL family: Mandriva Local Security Checks
  - NASL id: MANDRAKE_MDKSA-2005-030.NASL
  - description: Javier Fernandez-Sanguino Pena discovered the perl5 DBI library created a temporary PID file in an insecure manner, which could be exploited by a malicious user to overwrite arbitrary files owned by the user executing the parts of the library. The updated packages have been patched to prevent these problems.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 16359
  - published: 2005-02-10
  - reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/16359
  - title: Mandrake Linux Security Advisory : perl-DBI (MDKSA-2005:030)
Oval
accepted | 2013-04-29T04:06:39.204-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. |
family | unix |
id | oval:org.mitre.oval:def:10552 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information. |
version | 25 |
References
- http://marc.info/?l=bugtraq&m=110667936707597&w=2
- http://secunia.com/advisories/14015
- http://secunia.com/advisories/14050
- http://securitytracker.com/id?1013007
- http://www.debian.org/security/2005/dsa-658
- http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:030
- http://www.redhat.com/support/errata/RHSA-2005-072.html
- http://www.securityfocus.com/archive/1/426530/30/6600/threaded
- http://www.securityfocus.com/bid/12360
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19068
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10552