CVE-2005-0156
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 10 |
Application | | 1 |
OS | | 4 |
OS | | 8 |
OS | | 5 |
OS | | 2 |
OS | | 2 |
Exploit-Db
description | Setuid perl PerlIO_Debug() overflow. CVE-2005-0156. Local exploit for linux platform |
id | EDB-ID:791 |
last seen | 2016-01-31 |
modified | 2005-02-07 |
published | 2005-02-07 |
reporter | Kevin Finisterre |
source | https://www.exploit-db.com/download/791/ |
title | Setuid perl PerlIO_Debug Overflow |
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2005-103.NASL |
description | Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. Kevin Finisterre discovered a stack based buffer overflow flaw in sperl, the Perl setuid wrapper. A local user could create a sperl executable script with a carefully created path name, overflowing the buffer and leading to root privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0156 to this issue. Kevin Finisterre discovered a flaw in sperl which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0155 to this issue. An unsafe file permission bug was discovered in the rmtree() function in the File::Path module. The rmtree() function removes files and directories in an insecure manner, which could allow a local user to read or delete arbitrary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0452 to this issue. Users of Perl are advised to upgrade to this updated package, which contains backported patches to correct these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17187 |
published | 2005-02-22 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/17187 |
title | RHEL 4 : perl (RHSA-2005:103) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_A5EB760A753C11D9A36F000A95BC6FAE.NASL |
description | Kevin Finisterre discovered bugs in perl |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19062 |
published | 2005-07-13 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/19062 |
title | FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-72-1.NASL |
description | Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered. The package |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20693 |
published | 2006-01-15 |
reporter | Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20693 |
title | Ubuntu 4.10 : perl vulnerabilities (USN-72-1) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2005-105.NASL |
description | Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 3. Perl is a high-level programming language commonly used for system administration utilities and Web programming. Kevin Finisterre discovered a stack based buffer overflow flaw in sperl, the Perl setuid wrapper. A local user could create a sperl executable script with a carefully created path name, overflowing the buffer and leading to root privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0156 to this issue. Kevin Finisterre discovered a flaw in sperl which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0155 to this issue. Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16361 |
published | 2005-02-10 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/16361 |
title | RHEL 3 : perl (RHSA-2005:105) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2005-031.NASL |
description | Jeroen van Wolffelaar discovered that the rmtree() function in the perl File::Path module would remove directories in an insecure manner which could lead to the removal of arbitrary files and directories via a symlink attack (CVE-2004-0452). Trustix developers discovered several insecure uses of temporary files in many modules which could allow a local attacker to overwrite files via symlink attacks (CVE-2004-0976). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16360 |
published | 2005-02-10 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16360 |
title | Mandrake Linux Security Advisory : perl (MDKSA-2005:031) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS11_PERL-58_20131015.NASL |
description | The remote Solaris system is missing necessary patches to address security updates : - Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. (CVE-2004-0452) - Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. (CVE-2005-0156) - Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. (CVE-2005-0448) - Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. (CVE-2005-4278) - Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. (CVE-2010-1158) - Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. (CVE-2011-2939) - CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. (CVE-2012-5526) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 80731 |
published | 2015-01-19 |
reporter | This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/80731 |
title | Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_5526_configuration_vulnerability1) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200502-13.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200502-13 (Perl: Vulnerabilities in perl-suid wrapper) perl-suid scripts honor the PERLIO_DEBUG environment variable and write to that file with elevated privileges (CAN-2005-0155). Furthermore, calling a perl-suid script with a very long path while PERLIO_DEBUG is set could trigger a buffer overflow (CAN-2005-0156). Impact : A local attacker could set the PERLIO_DEBUG environment variable and call existing perl-suid scripts, resulting in file overwriting and potentially the execution of arbitrary code with root privileges. Workaround : You are not vulnerable if you do not have the perlsuid USE flag set or do not use perl-suid scripts. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16450 |
published | 2005-02-14 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16450 |
title | GLSA-200502-13 : Perl: Vulnerabilities in perl-suid wrapper |
Oval
accepted | 2013-04-29T04:08:55.654-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. |
family | unix |
id | oval:org.mitre.oval:def:10803 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. |
version | 26 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
- http://fedoranews.org/updates/FEDORA--.shtml
- http://marc.info/?l=bugtraq&m=110737149402683&w=2
- http://marc.info/?l=full-disclosure&m=110779721503111&w=2
- http://secunia.com/advisories/14120
- http://secunia.com/advisories/55314
- http://www.digitalmunition.com/DMA%5B2005-0131b%5D.txt
- http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
- http://www.redhat.com/support/errata/RHSA-2005-103.html
- http://www.redhat.com/support/errata/RHSA-2005-105.html
- http://www.securityfocus.com/bid/12426
- http://www.trustix.org/errata/2005/0003/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19208
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803