|
|
Family: Ubuntu Local Security Checks --> Category: infos
USN94-1 : perl vulnerability Vulnerability Scan
Vulnerability Scan Summary
perl vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libcgi-fast-perl
- libperl-dev
- libperl5.8
- perl
- perl-base
- perl-debug
- perl-doc
- perl-modules
- perl-suid
Description :
Paul Szabo discovered another vulnerability in the rmtree() function
in File::Path.pm. While a process running as root (or another user)
was busy deleting a directory tree, a different user could exploit a
race condition to create setuid binaries in this directory tree,
provided that he already had write permissions in any subdirectory of
that tree.
Solution :
Upgrade to :
- libcgi-fast-perl-5.8.4-2ubuntu0.4 (Ubuntu 4.10)
- libperl-dev-5.8.4-2ubuntu0.4 (Ubuntu 4.10)
- libperl5.8-5.8.4-2ubuntu0.4 (Ubuntu 4.10)
- perl-5.8.4-2ubuntu0.4 (Ubuntu 4.10)
- perl-base-5.8.4-2ubuntu0.4 (Ubuntu 4.10)
- perl-debug-5.8.4-2ubuntu0.4 (Ubuntu 4.10)
- perl-doc-5.8.4-2ubuntu0.4 (Ubuntu 4.10)
- perl-modules-5.8.4-2ubuntu0.4 (Ubuntu 4.10)
- perl-suid-5.8.4-2ubuntu0.4 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
