|
Family: Debian Local Security Checks --> Category: infos
[DSA620] DSA-620-1 perl Vulnerability Scan
Vulnerability Scan Summary DSA-620-1 perl
Detailed Explanation for this Vulnerability Test
Several vulnerabilities have been discovered in Perl, the popular
scripting language. The Common Vulnerabilities and Exposures project
identifies the following problems:
Jeroen van Wolffelaar discovered that the rmtree() function in the
File::Path module removes directory trees in an insecure manner
which could lead to the removal of arbitrary files and directories
through a symlink attack.
Trustix developers discovered several insecure uses of temporary
files in many modules which allow a local attacker to overwrite
files via a symlink attack.
For the stable distribution (woody) these problems have been fixed in
version 5.6.1-8.8.
For the unstable distribution (sid) these problems have been fixed in
version 5.8.4-5.
We recommend that you upgrade your perl packages.
Solution : http://www.debian.org/security/2004/dsa-620
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|