Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200502-13] Perl: Vulnerabilities in perl-suid wrapper Vulnerability Scan
Vulnerability Scan Summary: Perl: Vulnerabilities in perl-suid wrapper
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200502-13
(Perl: Vulnerabilities in perl-suid wrapper)
perl-suid scripts honor the PERLIO_DEBUG environment variable and
write to the file it names with elevated rights (CVE-2005-0155).
Furthermore, calling a perl-suid script with a very long path while
PERLIO_DEBUG is set could trigger a buffer overflow (CVE-2005-0156).
Impact
A local attacker could set the PERLIO_DEBUG environment variable
and call existing perl-suid scripts, resulting in file overwriting and
potentially the execution of arbitrary code with root rights.
Workaround
You are not vulnerable if you do not have the perlsuid USE flag
set or do not use perl-suid scripts.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0156
Solution:
All Perl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/perl
Threat Level: High