|
Family: Ubuntu Local Security Checks --> Category: infos
USN70-1 : libdbi-perl vulnerabilities Vulnerability Scan
Vulnerability Scan Summary libdbi-perl vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote package "libdbi-perl" is missing a security patch.
Description :
Javier Fernández-Sanguino Peña from the Debian Security Audit Project
discovered that the module DBI::ProxyServer in Perl's DBI library
created a PID file in an insecure manner. This could allow a symbolic
link attack to create or overwrite arbitrary files with the rights
of the user invoking a program using this module (like 'dbiproxy').
Now the module does not create a such a PID file by default.
Solution :
Upgrade to :
- libdbi-perl-1.42-3ubuntu0.1 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|