Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN72-1 : perl vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
perl vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libcgi-fast-perl
- libperl-dev
- libperl5.8
- perl
- perl-base
- perl-debug
- perl-doc
- perl-modules
- perl-suid

Description :

Two exploitable vulnerabilities involving setuid-enabled perl scripts
have been discovered. The package "perl-suid" provides a wrapper
around perl which allows to use setuid-root perl scripts, i.e.
user-callable Perl scripts which have full root rights.

Previous versions allowed users to overwrite arbitrary files by
setting the PERLIO_DEBUG environment variable and calling an arbitrary
setuid-root perl script. The file that PERLIO_DEBUG points to was then
overwritten by Perl debug messages. This did not allow precise control
over the file content, but could destroy important data. PERLIO_DEBUG
is now ignored for setuid scripts. (CVE-2005-0155)

In addition, calling a setuid-root perl script with a very long path
caused a buffer overflow if PERLIO_DEBUG was set. This buffer overflow
could be exploited to execute arbitrary files with full root
rights. (CVE-2005-0156)

Solution :

Upgrade to :
- libcgi-fast-perl-5.8.4-2ubuntu0.3 (Ubuntu 4.10)
- libperl-dev-5.8.4-2ubuntu0.3 (Ubuntu 4.10)
- libperl5.8-5.8.4-2ubuntu0.3 (Ubuntu 4.10)
- perl-5.8.4-2ubuntu0.3 (Ubuntu 4.10)
- perl-base-5.8.4-2ubuntu0.3 (Ubuntu 4.10)
- perl-debug-5.8.4-2ubuntu0.3 (Ubuntu 4.10)
- perl-doc-5.8.4-2ubuntu0.3 (Ubuntu 4.10)
- perl-modules-5.8.4-2ubuntu0.3 (Ubuntu 4.10)
- perl-suid-5.8.4-2ubuntu0.3 (Ubuntu 4.10)

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.