ID CVE-2005-0155
Summary The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
References
Vulnerable Configurations
  • cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 13-08-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:05:22.475-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
family unix
id oval:org.mitre.oval:def:10404
status accepted
submitted 2010-07-09T03:56:16-04:00
title Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
version 29
redhat via4
advisories
  • rhsa
    id RHSA-2005:103
  • rhsa
    id RHSA-2005:105
rpms
  • perl-3:5.8.5-12.1
  • perl-debuginfo-3:5.8.5-12.1
  • perl-suidperl-3:5.8.5-12.1.1
  • perl-2:5.8.0-89.10
  • perl-CGI-2:2.81-89.10
  • perl-CPAN-2:1.61-89.10
  • perl-DB_File-2:1.804-89.10
  • perl-debuginfo-2:5.8.0-89.10
  • perl-suidperl-2:5.8.0-89.10
refmap via4
bid 12426
bugtraq 20050202 [USN-72-1] Perl vulnerabilities
conectiva CLSA-2006:1056
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm
fedora FLSA-2006:152845
fulldisc 20050207 DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation'
gentoo GLSA-200502-13
mandrake MDKSA-2005:031
misc http://www.digitalmunition.com/DMA[2005-0131a].txt
secunia
  • 14120
  • 21646
trustix 2005-0003
xf perl-perliodebug-file-overwrite(19207)
Last major update 13-08-2018 - 21:47
Published 02-05-2005 - 04:00
Last modified 13-08-2018 - 21:47