Vulnerability Bulletins |
Buffer overflow in sperl |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Root compromise |
Difficulty | Beginner |
Required attacker level | Remote access with account |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | sperl |
Description |
|
A buffer overflow vulnerability has been discovered in sperl, the "wrapper" that Perl uses to run setuid programs. The vulnerability lies in the handling of the PERLIO_DEBUG environment variable. Exploiting this vulnerability could allow a local attacker to gain root privileges. |
|
Solution |
|
Software update

Red Hat Linux

Red Hat Desktop (v. 3)
SRPMS: perl-5.8.0-89.10.src.rpm
IA-32: perl-5.8.0-89.10.i386.rpm perl-CGI-2.81-89.10.i386.rpm perl-CPAN-1.61-89.10.i386.rpm perl-DB_File-1.804-89.10.i386.rpm perl-suidperl-5.8.0-89.10.i386.rpm
x86_64: perl-5.8.0-89.10.i386.rpm perl-5.8.0-89.10.x86_64.rpm perl-CGI-2.81-89.10.x86_64.rpm perl-CPAN-1.61-89.10.x86_64.rpm perl-DB_File-1.804-89.10.x86_64.rpm perl-suidperl-5.8.0-89.10.x86_64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 3)
SRPMS: perl-5.8.0-89.10.src.rpm
IA-32: perl-5.8.0-89.10.i386.rpm perl-CGI-2.81-89.10.i386.rpm perl-CPAN-1.61-89.10.i386.rpm perl-DB_File-1.804-89.10.i386.rpm perl-suidperl-5.8.0-89.10.i386.rpm
IA-64: perl-5.8.0-89.10.i386.rpm perl-5.8.0-89.10.ia64.rpm perl-CGI-2.81-89.10.ia64.rpm perl-CPAN-1.61-89.10.ia64.rpm perl-DB_File-1.804-89.10.ia64.rpm perl-suidperl-5.8.0-89.10.ia64.rpm
PPC: perl-5.8.0-89.10.ppc.rpm perl-5.8.0-89.10.ppc64.rpm perl-CGI-2.81-89.10.ppc.rpm perl-CPAN-1.61-89.10.ppc.rpm perl-DB_File-1.804-89.10.ppc.rpm perl-suidperl-5.8.0-89.10.ppc.rpm
s390: perl-5.8.0-89.10.s390.rpm perl-CGI-2.81-89.10.s390.rpm perl-CPAN-1.61-89.10.s390.rpm perl-DB_File-1.804-89.10.s390.rpm perl-suidperl-5.8.0-89.10.s390.rpm
s390x: perl-5.8.0-89.10.s390.rpm perl-5.8.0-89.10.s390x.rpm perl-CGI-2.81-89.10.s390x.rpm perl-CPAN-1.61-89.10.s390x.rpm perl-DB_File-1.804-89.10.s390x.rpm perl-suidperl-5.8.0-89.10.s390x.rpm
x86_64: perl-5.8.0-89.10.i386.rpm perl-5.8.0-89.10.x86_64.rpm perl-CGI-2.81-89.10.x86_64.rpm perl-CPAN-1.61-89.10.x86_64.rpm perl-DB_File-1.804-89.10.x86_64.rpm perl-suidperl-5.8.0-89.10.x86_64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 3)
SRPMS: perl-5.8.0-89.10.src.rpm
IA-32: perl-5.8.0-89.10.i386.rpm perl-CGI-2.81-89.10.i386.rpm perl-CPAN-1.61-89.10.i386.rpm perl-DB_File-1.804-89.10.i386.rpm perl-suidperl-5.8.0-89.10.i386.rpm
IA-64: perl-5.8.0-89.10.i386.rpm perl-5.8.0-89.10.ia64.rpm perl-CGI-2.81-89.10.ia64.rpm perl-CPAN-1.61-89.10.ia64.rpm perl-DB_File-1.804-89.10.ia64.rpm perl-suidperl-5.8.0-89.10.ia64.rpm
x86_64: perl-5.8.0-89.10.i386.rpm perl-5.8.0-89.10.x86_64.rpm perl-CGI-2.81-89.10.x86_64.rpm perl-CPAN-1.61-89.10.x86_64.rpm perl-DB_File-1.804-89.10.x86_64.rpm perl-suidperl-5.8.0-89.10.x86_64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 3)
SRPMS: perl-5.8.0-89.10.src.rpm
IA-32: perl-5.8.0-89.10.i386.rpm perl-CGI-2.81-89.10.i386.rpm perl-CPAN-1.61-89.10.i386.rpm perl-DB_File-1.804-89.10.i386.rpm perl-suidperl-5.8.0-89.10.i386.rpm
IA-64: perl-5.8.0-89.10.i386.rpm perl-5.8.0-89.10.ia64.rpm perl-CGI-2.81-89.10.ia64.rpm perl-CPAN-1.61-89.10.ia64.rpm perl-DB_File-1.804-89.10.ia64.rpm perl-suidperl-5.8.0-89.10.ia64.rpm
x86_64: perl-5.8.0-89.10.i386.rpm perl-5.8.0-89.10.x86_64.rpm perl-CGI-2.81-89.10.x86_64.rpm perl-CPAN-1.61-89.10.x86_64.rpm perl-DB_File-1.804-89.10.x86_64.rpm perl-suidperl-5.8.0-89.10.x86_64.rpm
https://rhn.redhat.com/

Linux Mandrake

Mandrakelinux 9.2
x86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/perl-5.8.1-0.RC4.3.3.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/perl-base-5.8.1-0.RC4.3.3.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/perl-devel-5.8.1-0.RC4.3.3.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/perl-doc-5.8.1-0.RC4.3.3.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/perl-5.8.1-0.RC4.3.3.92mdk.src.rpm
AMD64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/perl-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/perl-base-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/perl-devel-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/perl-doc-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/perl-5.8.1-0.RC4.3.3.92mdk.src.rpm

Mandrakelinux 10.0
x86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/perl-5.8.3-5.3.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/perl-base-5.8.3-5.3.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/perl-devel-5.8.3-5.3.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/perl-doc-5.8.3-5.3.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/perl-5.8.3-5.3.100mdk.src.rpm
AMD64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/perl-5.8.3-5.3.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/perl-base-5.8.3-5.3.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/perl-devel-5.8.3-5.3.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/perl-doc-5.8.3-5.3.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/perl-5.8.3-5.3.100mdk.src.rpm

Mandrakelinux 10.1
x86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/perl-5.8.5-3.3.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/perl-base-5.8.5-3.3.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/perl-devel-5.8.5-3.3.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/perl-doc-5.8.5-3.3.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/perl-5.8.5-3.3.101mdk.src.rpm
X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/perl-5.8.5-3.3.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/perl-base-5.8.5-3.3.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/perl-devel-5.8.5-3.3.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/perl-doc-5.8.5-3.3.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/perl-5.8.5-3.3.101mdk.src.rpm

Mandrake Corporate Server 2.1
x86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/perl-5.8.0-14.4.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/perl-base-5.8.0-14.4.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/perl-devel-5.8.0-14.4.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/perl-doc-5.8.0-14.4.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/perl-5.8.0-14.4.C21mdk.src.rpm
X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/perl-5.8.0-14.4.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/perl-base-5.8.0-14.4.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/perl-devel-5.8.0-14.4.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/perl-doc-5.8.0-14.4.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/perl-5.8.0-14.4.C21mdk.src.rpm

Mandrake Corporate Server 3.0
x86:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/perl-5.8.3-5.3.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/perl-base-5.8.3-5.3.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/perl-devel-5.8.3-5.3.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/perl-doc-5.8.3-5.3.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/perl-5.8.3-5.3.C30mdk.src.rpm
X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/perl-5.8.3-5.3.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/perl-base-5.8.3-5.3.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/perl-devel-5.8.3-5.3.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/perl-doc-5.8.3-5.3.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/perl-5.8.3-5.3.C30mdk.src.rpm

Red Hat Linux
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

IBM
AIX 5.3 - APAR IY68463
AIX 5.2 - APAR IY68464
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
Efix AIX 5.3, 5.2
ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar.Z |
|
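To confirm that a host already carries the updated packages, the check below is an added example (not part of the original bulletin or any vendor tooling) that compares installed perl packages against the fixed version-release strings listed above. It assumes input in the form produced by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`; the names `audit`, `evr_cmp`, `seg_cmp` and the sample data are hypothetical, and the comparison is a simplified stand-in for rpm's own ordering (no epoch handling).

```python
import re

# Fixed perl version-release per platform, copied from the bulletin's package lists.
FIXED = {
    "Red Hat Enterprise Linux 3": "5.8.0-89.10",
    "Mandrakelinux 9.2": "5.8.1-0.RC4.3.3.92mdk",
    "Mandrakelinux 10.0": "5.8.3-5.3.100mdk",
    "Mandrakelinux 10.1": "5.8.5-3.3.101mdk",
    "Mandrake Corporate Server 2.1": "5.8.0-14.4.C21mdk",
    "Mandrake Corporate Server 3.0": "5.8.3-5.3.C30mdk",
}
# Packages that share the perl version-release in those lists.
PERL_PKGS = {"perl", "perl-suidperl", "perl-base", "perl-devel", "perl-doc"}

def seg_cmp(a, b):
    """Compare two version strings segment by segment; returns -1, 0 or 1."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return seg_cmp(va, vb) or seg_cmp(ra, rb)

def audit(platform, rpm_lines):
    """Return (name, installed, fixed) for perl packages older than the fix."""
    fixed = FIXED[platform]
    findings = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PERL_PKGS and evr_cmp(parts[1], fixed) < 0:
            findings.append((parts[0], parts[1], fixed))
    return findings

# Constructed sample of rpm query output (not taken from a real host).
SAMPLE_RHEL3 = "perl 5.8.0-88.4\nperl-suidperl 5.8.0-89.10\nperl-CGI 2.81-88.4\n"

if __name__ == "__main__":
    for name, installed, fixed in audit("Red Hat Enterprise Linux 3", SAMPLE_RHEL3):
        print(f"{name}: installed {installed}, update to {fixed} or later")
```

Packages with their own version numbers in the lists above (perl-CGI, perl-CPAN, perl-DB_File) are skipped by this check and need their own comparison values.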
Standard resources |
|
Property | Value |
CVE | CAN-2005-0156 |
BID | |
Other resources |
|
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2005-105.html
Mandrakesoft Security Advisories MDKSA-2005:031
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:031
Red Hat Security Advisory RHSA-2005:103-04
https://rhn.redhat.com/errata/RHSA-2005-103.html
IBM SECURITY ADVISORY
https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=7&heading=AIX53&topic=SECURITY&month=200502&bulletin=datafile090901&date=20050228&label=A+local+user+may+gain+root+privileges+through+the+perl+interpreter. |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2005-02-08 |
1.1 | Advisory issued by Mandrake (MDKSA-2005:031) | 2005-02-09 |
1.2 | Advisory issued by Red Hat (RHSA-2005:103-04) | 2005-02-16 |
1.3 | Advisory issued by IBM | 2005-02-21 |
1.4 | Advisory updated by IBM | 2005-03-04 |