Family: Red Hat Local Security Checks --> Category: infos
RHSA-2005-072: perl Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the perl packages
Detailed Explanation for this Vulnerability Test
An updated perl-DBI package that fixes a temporary file flaw in
DBI::ProxyServer is now available for Red Hat Enterprise Linux 4.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
DBI is a database access Application Programming Interface (API) for
the Perl programming language.
The Debian Security Audit Project discovered that the DBI library creates a
temporary PID file in an insecure manner. A local user could overwrite or
create files as a different user who happens to run an application which
uses DBI::ProxyServer. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0077 to this issue.
Users should update to this erratum package which disables the temporary
PID file unless configured.
Solution : http://rhn.redhat.com/errata/RHSA-2005-072.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.