Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-2005-0156
Last Modified 23 Oct 2013 09:44:03
Published 07 Feb 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0156

Summary

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

Vulnerable Systems

Operating System

  • Ibm Aix 5.2

  • Ibm Aix 5.3

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Fedora Core Core 3.0

  • Suse Linux 8.0

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

  • Trustix Secure Linux 1.5

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Trustix Secure Linux 2.2

  • Ubuntu Linux 4.1

Application

  • Larry Wall Perl 5.8.0

  • Larry Wall Perl 5.8.1

  • Larry Wall Perl 5.8.3

  • Larry Wall Perl 5.8.4

  • Larry Wall Perl 5.8.4.1

  • Larry Wall Perl 5.8.4.2

  • Larry Wall Perl 5.8.4.2.3

  • Larry Wall Perl 5.8.4.3

  • Larry Wall Perl 5.8.4.4

  • Larry Wall Perl 5.8.4.5

  • Sgi Propack 3.0


References

XF - perl-perliodebug-bo(19208)

TRUSTIX - 2005-0003

BID - 12426

REDHAT - RHSA-2005:105

REDHAT - RHSA-2005:103

GENTOO - GLSA-200502-13

MISC - http://www.digitalmunition.com/DMA[2005-0131b].txt

FULLDISC - 20050207 DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG

BUGTRAQ - 20050202 [USN-72-1] Perl vulnerabilities

MANDRAKE - MDKSA-2005:031

SECUNIA - 14120

FEDORA - FLSA-2006:152845

CONECTIVA - CLSA-2006:1056

SECUNIA - 55314


Last Updated: 27 May 2016 11:03:13