Libdbi-perl Unspecified Insecure Temporary File Creation Vulnerability

Bugtraq ID:	12360
Class:	Design Error
CVE:	CVE-2005-0077
Remote:	No
Local:	Yes
Published:	Jan 25 2005 12:00AM
Updated:	Dec 15 2006 08:53PM
Credit:	Discovery is credited to Javier Fernández-Sanguino Peña.
Vulnerable:	SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i386 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 libdbi-perl libdbi-perl 1.43 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 libdbi-perl libdbi-perl 1.42 + S.u.S.E. Linux Personal 9.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 libdbi-perl libdbi-perl 1.41 + S.u.S.E. Linux Personal 9.1 libdbi-perl libdbi-perl 1.40 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0 + Redhat Fedora Core3 libdbi-perl libdbi-perl 1.38 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 libdbi-perl libdbi-perl 1.37 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 libdbi-perl libdbi-perl 1.32 + S.u.S.E. Linux Personal 8.2 libdbi-perl libdbi-perl 1.30 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 libdbi-perl libdbi-perl 1.28 + SuSE Linux 8.1 libdbi-perl libdbi-perl 1.21 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Gentoo Linux 1.4 _rc3 Gentoo Linux 1.4 _rc2 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.4 Gentoo Linux 1.2 Gentoo Linux 1.1 a Gentoo Linux 0.7 Gentoo Linux 0.5 Gentoo Linux
Not Vulnerable:

Libdbi-perl Unspecified Insecure Temporary File Creation Vulnerability

The 'libdbi-perl' utility is affected by an unspecified insecure temporary file-creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the presence of a file before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.

Debian has reported that this vulnerability affects libdbi-perl 1.21 running on Debian GNU/Linux 3.0 alias 'woody'. Other versions may be affected as well.

Libdbi-perl Unspecified Insecure Temporary File Creation Vulnerability

An exploit is not required to leverage this issue.

Libdbi-perl Unspecified Insecure Temporary File Creation Vulnerability

Solution:

Please see the referenced vendor advisories for more information and fixes.


libdbi-perl libdbi-perl 1.21

• Debian libdbi-perl_1.21-2woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_alpha.deb


• Debian libdbi-perl_1.21-2woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_arm.deb


• Debian libdbi-perl_1.21-2woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_hppa.deb


• Debian libdbi-perl_1.21-2woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_i386.deb


• Debian libdbi-perl_1.21-2woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_ia64.deb


• Debian libdbi-perl_1.21-2woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_m68k.deb


• Debian libdbi-perl_1.21-2woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_mips.deb


• Debian libdbi-perl_1.21-2woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_mipsel.deb


• Debian libdbi-perl_1.21-2woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_powerpc.deb


• Debian libdbi-perl_1.21-2woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_s390.deb


• Debian libdbi-perl_1.21-2woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-p erl_1.21-2woody2_sparc.deb


• RedHat perl-DBI-1.21-1.1.legacy.i386.rpm
  Red Hat Linux 7.3:
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/perl-DBI-1.21 -1.1.legacy.i386.rpm

libdbi-perl libdbi-perl 1.28

• SuSE perl-DBI-1.28-119.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/perl-DBI-1.28-119 .i586.rpm

libdbi-perl libdbi-perl 1.30

• Mandrake perl-DBI-1.30-2.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-1.30-2.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php

libdbi-perl libdbi-perl 1.32

• RedHat perl-DBI-1.32-5.1.legacy.i386.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/redhat/9/updates/i386/perl-DBI-1.32-5 .1.legacy.i386.rpm


• SuSE perl-DBI-1.32-59.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/perl-DBI-1.32-59. i586.rpm

libdbi-perl libdbi-perl 1.37

• RedHat perl-DBI-1.37-1.1.legacy.i386.rpm
  Fedora Core 1:
  http://download.fedoralegacy.org/fedora/1/updates/i386/perl-DBI-1.37-1 .1.legacy.i386.rpm


• SuSE perl-DBI-1.37-66.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/perl-DBI-1.37-66. i586.rpm


• SuSE perl-DBI-1.37-66.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/perl-DBI-1.37 -66.x86_64.rpm

libdbi-perl libdbi-perl 1.38

• Mandrake perl-DBI-1.38-1.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-1.38-1.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-ProfileDumper-Apache-1.38-1.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-ProfileDumper-Apache-1.38-1.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-proxy-1.38-1.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-proxy-1.38-1.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php

libdbi-perl libdbi-perl 1.40

• Mandrake perl-DBI-1.40-2.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-1.40-2.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-1.40-2.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-1.40-2.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-ProfileDumper-Apache-1.40-2.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-ProfileDumper-Apache-1.40-2.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-ProfileDumper-Apache-1.40-2.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-ProfileDumper-Apache-1.40-2.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-proxy-1.40-2.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-proxy-1.40-2.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-proxy-1.40-2.1.C30mdk.i586.rpm
  Mandrake Corporate Server 3.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-proxy-1.40-2.1.C30mdk.x86_64.rpm
  Mandrake Corporate Server 3.0/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• RedHat perl-DBI-1.40-4.1.legacy.i386.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/fedora/2/updates/i386/perl-DBI-1.40-4 .1.legacy.i386.rpm


• RedHat Fedora perl-DBI-1.40-6.fc3.i386.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• RedHat Fedora perl-DBI-1.40-6.fc3.x86_64.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• RedHat Fedora perl-DBI-debuginfo-1.40-6.fc3.i386.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• RedHat Fedora perl-DBI-debuginfo-1.40-6.fc3.x86_64.rpm
  Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

libdbi-perl libdbi-perl 1.41

• SuSE perl-DBI-1.41-28.4.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/perl-DBI-1.41-28. 4.i586.rpm


• SuSE perl-DBI-1.41-28.4.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/perl-DBI-1.41 -28.4.x86_64.rpm

libdbi-perl libdbi-perl 1.42

• Ubuntu libdbi-perl_1.42-3ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/libd/libdbi-perl/libdbi-pe rl_1.42-3ubuntu0.1_amd64.deb


• Ubuntu libdbi-perl_1.42-3ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/libd/libdbi-perl/libdbi-pe rl_1.42-3ubuntu0.1_i386.deb


• Ubuntu libdbi-perl_1.42-3ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/libd/libdbi-perl/libdbi-pe rl_1.42-3ubuntu0.1_powerpc.deb

libdbi-perl libdbi-perl 1.43

• Mandrake perl-DBI-1.43-2.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-1.43-2.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-ProfileDumper-Apache-1.43-2.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-ProfileDumper-Apache-1.43-2.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-proxy-1.43-2.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake perl-DBI-proxy-1.43-2.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• SuSE perl-DBI-1.43-2.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/perl-DBI-1.43-2.2 .i586.rpm


• SuSE perl-DBI-1.43-2.2.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/perl-DBI-1.43 -2.2.x86_64.rpm

Libdbi-perl Unspecified Insecure Temporary File Creation Vulnerability

References:

• RHSA-2005:069-08 - Updated perl-DBI package fixes security issue (RedHat)