Perl SuidPerl Multiple Local Vulnerabilities
BID:12426
Info
Perl SuidPerl Multiple Local Vulnerabilities
| Bugtraq ID: | 12426 |
| Class: | Unknown |
| CVE: |
CVE-2005-0155 CVE-2005-0156 CVE-2006-3813 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 02 2005 12:00AM |
| Updated: | Sep 26 2013 12:16AM |
| Credit: | These vulnerabilities were announced in a vendor advisory. |
| Vulnerable: |
Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Linux 1.5 Trustix Secure Enterprise Linux 2.0 SGI ProPack 3.0 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux 8.1 S.u.S.E. Linux 8.0 i386 S.u.S.E. Linux 8.0 RedHat Linux 9.0 i386 RedHat Linux 7.3 i386 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Desktop 4.0 RedHat Desktop 3.0 Red Hat Fedora Core3 Red Hat Fedora Core2 Red Hat Fedora Core1 Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux AS 3 Larry Wall Perl 5.8.4 -5 Larry Wall Perl 5.8.4 -4 Larry Wall Perl 5.8.4 -3 Larry Wall Perl 5.8.4 -2.3 Larry Wall Perl 5.8.4 -2 Larry Wall Perl 5.8.4 -1 Larry Wall Perl 5.8.4 Larry Wall Perl 5.8.3 Larry Wall Perl 5.8.1 Larry Wall Perl 5.8 IBM AIX 5.3 IBM AIX 5.2 Conectiva Linux 10.0 Avaya Messaging Storage Server MM3.0 |
| Not Vulnerable: | |
Discussion
Perl SuidPerl Multiple Local Vulnerabilities
SuidPerl is reported prone to multiple vulnerabilities. The following individual issues are reported:
- the 'PERLIO_DEBUG' SuidPerl environment variable may be employed to corrupt arbitrary files. A local unprivileged attacker may exploit this vulnerability to corrupt arbitrary files with superuser privileges. This may ultimately lead to a denial of service for legitimate users or to privilege escalation.
- SuidPerl is prone to a local buffer-overflow vulnerability as well. A local attacker may exploit this buffer-overflow vulnerability to gain superuser privileges. This issue is also exploited through the 'PERLIO_DEBUG' variable.
SuidPerl is reported prone to multiple vulnerabilities. The following individual issues are reported:
- the 'PERLIO_DEBUG' SuidPerl environment variable may be employed to corrupt arbitrary files. A local unprivileged attacker may exploit this vulnerability to corrupt arbitrary files with superuser privileges. This may ultimately lead to a denial of service for legitimate users or to privilege escalation.
- SuidPerl is prone to a local buffer-overflow vulnerability as well. A local attacker may exploit this buffer-overflow vulnerability to gain superuser privileges. This issue is also exploited through the 'PERLIO_DEBUG' variable.
Exploit / POC
Perl SuidPerl Multiple Local Vulnerabilities
Kevin Finisterre <[email protected]> has provided the following proof-of-concept exploits:
Kevin Finisterre <[email protected]> has provided the following proof-of-concept exploits:
Solution / Fix
Perl SuidPerl Multiple Local Vulnerabilities
Solution:
Please see the referenced advisories for more information.
IBM AIX 5.2
IBM AIX 5.3
SGI ProPack 3.0
Larry Wall Perl 5.8
Larry Wall Perl 5.8.1
Larry Wall Perl 5.8.3
Larry Wall Perl 5.8.4
Larry Wall Perl 5.8.4 -5
Solution:
Please see the referenced advisories for more information.
IBM AIX 5.2
-
IBM perl58x.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar -
IBM IY68464
IBM AIX 5.3
-
IBM perl58x.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar -
IBM IY68463
SGI ProPack 3.0
-
SGI patch10141.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch101 39.tar.gz
Larry Wall Perl 5.8
-
Fedora Legacy perl-5.8.0-90.0.12.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-5.8.0-90.0 .12.legacy.i386.rpm -
Fedora Legacy perl-5.8.3-17.4.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-5.8.3-17.4 .legacy.i386.rpm -
Fedora Legacy perl-CGI-2.81-90.0.12.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-CGI-2.81-9 0.0.12.legacy.i386.rpm -
Fedora Legacy perl-CPAN-1.61-90.0.12.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-CPAN-1.61- 90.0.12.legacy.i386.rpm -
Fedora Legacy perl-DB_File-1.804-90.0.12.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-DB_File-1. 804-90.0.12.legacy.i386.rpm -
Fedora Legacy perl-suidperl-5.8.0-90.0.12.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/perl-suidperl-5 .8.0-90.0.12.legacy.i386.rpm -
Mandrake perl-5.8.0-14.4.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-5.8.0-14.4.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.0-14.4.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.0-14.4.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.0-14.4.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.0-14.4.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.0-14.4.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.0-14.4.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
SuSE perl-5.8.0-200.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/perl-5.8.0-200.i5 86.rpm -
SuSE perl-5.8.0-201.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/perl-5.8.0-201.i5 86.rpm
Larry Wall Perl 5.8.1
-
Fedora Legacy perl-5.8.3-17.4.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-5.8.3-17.4 .legacy.i386.rpm -
Fedora Legacy perl-5.8.3-19.3.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-5.8.3-19.3 .legacy.i386.rpm -
Fedora Legacy perl-suidperl-5.8.3-17.4.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/perl-suidperl-5 .8.3-17.4.legacy.i386.rpm -
Fedora Legacy perl-suidperl-5.8.3-19.3.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/perl-suidperl-5 .8.3-19.3.legacy.i386.rpm -
Mandrake perl-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/amd64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-5.8.1-0.RC4.3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/amd64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.1-0.RC4.3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/amd64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.1-0.RC4.3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
Mandrake Linux 9.2/amd64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.1-0.RC4.3.3.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php -
SuSE perl-5.8.1-130.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/perl-5.8.1-130.i5 86.rpm -
SuSE perl-5.8.1-130.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/perl-5.8.1-13 0.x86_64.rpm
Larry Wall Perl 5.8.3
-
Conectiva libperl5.8-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/libperl5.8-5.8.3-62257U10_ 1cl.i386.rpm -
Conectiva miniperl-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/miniperl-5.8.3-62257U10_1c l.i386.rpm -
Conectiva perl-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/perl-5.8.3-62257U10_1cl.i3 86.rpm -
Conectiva perl-base-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/perl-base-5.8.3-62257U10_1 cl.i386.rpm -
Conectiva perl-devel-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/perl-devel-5.8.3-62257U10_ 1cl.i386.rpm -
Conectiva perl-devel-static-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/perl-devel-static-5.8.3-62 257U10_1cl.i386.rpm -
Conectiva perl-doc-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/perl-doc-5.8.3-62257U10_1c l.i386.rpm -
Conectiva perl-modules-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/perl-modules-5.8.3-62257U1 0_1cl.i386.rpm -
Conectiva perl-suidperl-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/perl-suidperl-5.8.3-62257U 10_1cl.i386.rpm -
Conectiva perl-utils-5.8.3-62257U10_1cl.i386.rpm
Version: 10
ftp://atualizacoes.conectiva.com.br/10/RPMS/perl-utils-5.8.3-62257U10_ 1cl.i386.rpm -
Mandrake perl-5.8.3-5.3.100mdk.amd64.rpm
Mandrake Linux 10.0/amd64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-5.8.3-5.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-5.8.3-5.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-5.8.3-5.3.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.3-5.3.100mdk.amd64.rpm
Mandrake Linux 10.0/amd64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.3-5.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.3-5.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.3-5.3.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.3-5.3.100mdk.amd64.rpm
Mandrake Linux 10.0/amd64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.3-5.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.3-5.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.3-5.3.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.3-5.3.100mdk.amd64.rpm
Mandrake Linux 10.0/amd64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.3-5.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.3-5.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.3-5.3.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
SuSE perl-5.8.3-32.4.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/perl-5.8.3-32.4.i 586.rpm -
SuSE perl-5.8.3-32.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/perl-5.8.3-32 .4.x86_64.rpm -
Trustix perl-5.8.3-5tr.i586.rpm
Trustix Secure Linux 2.1
ftp://ftp.trustix.org/pub/trustix/updates/ -
Trustix perl-devel-5.8.3-5tr.i586.rpm
Trustix Secure Linux 2.1
ftp://ftp.trustix.org/pub/trustix/updates/ -
Trustix perl-doc-5.8.3-5tr.i586.rpm
Trustix Secure Linux 2.1
ftp://ftp.trustix.org/pub/trustix/updates/
Larry Wall Perl 5.8.4
-
Mandrake perl-5.8.5-3.3.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-5.8.5-3.3.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.5-3.3.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-base-5.8.5-3.3.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.5-3.3.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-devel-5.8.5-3.3.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.5-3.3.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake perl-doc-5.8.5-3.3.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
Ubuntu libcgi-fast-perl_5.8.4-2ubuntu0.3_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-per l_5.8.4-2ubuntu0.3_all.deb -
Ubuntu libperl-dev_5.8.4-2ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2 ubuntu0.3_amd64.deb -
Ubuntu libperl-dev_5.8.4-2ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2 ubuntu0.3_i386.deb -
Ubuntu libperl-dev_5.8.4-2ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2 ubuntu0.3_powerpc.deb -
Ubuntu libperl5.8_5.8.4-2ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2u buntu0.3_amd64.deb -
Ubuntu libperl5.8_5.8.4-2ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2u buntu0.3_i386.deb -
Ubuntu libperl5.8_5.8.4-2ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2u buntu0.3_powerpc.deb -
Ubuntu perl-base_5.8.4-2ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ub untu0.3_amd64.deb -
Ubuntu perl-base_5.8.4-2ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ub untu0.3_i386.deb -
Ubuntu perl-base_5.8.4-2ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ub untu0.3_powerpc.deb -
Ubuntu perl-debug_5.8.4-2ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8. 4-2ubuntu0.3_amd64.deb -
Ubuntu perl-debug_5.8.4-2ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8. 4-2ubuntu0.3_i386.deb -
Ubuntu perl-debug_5.8.4-2ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8. 4-2ubuntu0.3_powerpc.deb -
Ubuntu perl-doc_5.8.4-2ubuntu0.3_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubu ntu0.3_all.deb -
Ubuntu perl-modules_5.8.4-2ubuntu0.3_all.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4- 2ubuntu0.3_all.deb -
Ubuntu perl-suid_5.8.4-2ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ub untu0.3_amd64.deb -
Ubuntu perl-suid_5.8.4-2ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ub untu0.3_i386.deb -
Ubuntu perl-suid_5.8.4-2ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ub untu0.3_powerpc.deb -
Ubuntu perl_5.8.4-2ubuntu0.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0 .3_amd64.deb -
Ubuntu perl_5.8.4-2ubuntu0.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0 .3_i386.deb -
Ubuntu perl_5.8.4-2ubuntu0.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0 .3_powerpc.deb
Larry Wall Perl 5.8.4 -5
-
SuSE perl-32bit-9.2-200502072008.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/perl-32bit-9. 2-200502072008.x86_64.rpm -
SuSE perl-5.8.5-3.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/perl-5.8.5-3.2.i5 86.rpm -
SuSE perl-5.8.5-3.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/perl-5.8.5-3. 2.x86_64.rpm -
Trustix perl-5.8.5-4tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates/
References
Perl SuidPerl Multiple Local Vulnerabilities
References:
References:
- ASA-2006-163 - perl security update (RHSA-2006-0605) (Avaya)
- Larry Wall's Very Own Perl Page (Larry Wall)
- RHSA-2005:105-11 - Updated Perl packages fix security issues (RedHat)
- RHSA-2006:0605-6 - perl security update (Red Hat)
- DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation'] ("KF \(lists\)"
- DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG buffer overflow'] ("KF \(lists\)"