Vulnerability Bulletins

int(761)

Vulnerability Bulletins

Escape de información en suidperl
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de la visibilidad
Dificulty	Experto
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	suidperl <=5.6.1
Description
Se han descubierto múltiples vulnerabilidades en la versión 5.6.1 y anteriores de suidperl. La explotación de estas vulnerabilidades podría permitir a un atacante local conseguir información sobre ficheros sin tener los permisos apropiados como, por ejemplo, la existencia del archivo o sus permisos.
Solution
Actualización de software Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7.dsc http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7.diff.gz http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz Componentes indpendientes de arquitectura http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.7_all.deb http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.7_all.deb http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.7_all.deb Alpha http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_alpha.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_alpha.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_alpha.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_alpha.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_alpha.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_alpha.deb ARM http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_arm.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_arm.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_arm.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_arm.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_arm.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_i386.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_i386.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_i386.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_i386.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_i386.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_ia64.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_ia64.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_ia64.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_ia64.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_ia64.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_ia64.deb HP Precision http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_hppa.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_hppa.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_hppa.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_hppa.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_hppa.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_m68k.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_m68k.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_m68k.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_m68k.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_m68k.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_mips.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_mips.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_mips.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_mips.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_mips.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_mipsel.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_mipsel.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_mipsel.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_mipsel.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_mipsel.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_powerpc.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_powerpc.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_powerpc.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_powerpc.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_powerpc.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_s390.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_s390.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_s390.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_s390.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_s390.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_sparc.deb http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_sparc.deb http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_sparc.deb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_sparc.deb http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_sparc.deb http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_sparc.deb
Standar resources
Property	Value
CVE	CAN-2003-0618
BID
Other resources
Debian Security Advisory DSA 431-2 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00087.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-04-19

Vulnerability Bulletins

Escape de información en suidperl

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history