|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200502-13] Perl: Vulnerabilities in perl-suid wrapper Vulnerability Assessment Details
|
[GLSA-200502-13] Perl: Vulnerabilities in perl-suid wrapper |
||
Perl: Vulnerabilities in perl-suid wrapper Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200502-13 (Perl: Vulnerabilities in perl-suid wrapper) perl-suid scripts honor the PERLIO_DEBUG environment variable and write to that file with elevated rights (CVE-2005-0155). Furthermore, calling a perl-suid script with a very long path while PERLIO_DEBUG is set could trigger a buffer overflow (CVE-2005-0156). Impact A local attacker could set the PERLIO_DEBUG environment variable and call existing perl-suid scripts, resulting in file overwriting and potentially the execution of arbitrary code with root rights. Workaround You are not vulnerable if you do not have the perlsuid USE flag set or do not use perl-suid scripts. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0156 Solution: All Perl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-lang/perl Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: (C) 2005 Michel Arboi |
||
Cables, Connectors |
Cisco Systems NCS2K-20-SMRFS-L optical multiplexor CISCO EXCESS
$3599.00
Cisco SG110 24 Port Gigabit Ethernet Switch w/ 2 x SFP SG110-24
$117.00
Cisco RV160 VPN Router 4 Gigabit Ethernet Ports RV160-K9-AR
$80.00
Cisco ASA5525-FTD-K9 Security Appliance with FirePower Services
$1000.00
Cisco WS-C3850-48P-L 48-Port Gigabit 3850 PoE Switch w/ 715W+ C3850-NM-4-1G Mod
$83.00
Cisco Catalyst WS-C2960-48TT-L V02 48 Port Fast Ethernet Switch
$34.00
Cisco C3850-NM-2-10G 2 Port Network Exp.Module for 3850
$38.99
Cisco CBS350-24FP-4G 28 Port PoE Managed Ethernet Switch
$319.99
Cisco MS410-16-HW 16 Ports Fully Managed Ethernet Switch NEW Unclaimed
$999.99
Cisco C9300-48 48 Port Switch Dual PSU W/C9300-NM-8X P/N: C9300-48U-A Tested
$799.99
|
||
No Discussions have been posted on this vulnerability. |