12 matches found
CVE-2005-0155
The CVE-2005-0155 entry concerns the Perl PerlIO/ setuid wrapper (sperl) in Perl 5.8.0. The vulnerability arises when PERLIO_DEBUG is set, allowing a local user to cause the sperl process to create arbitrary files (or append debugging information), effectively giving root privileges through a loc...
CVE-2007-5116
CVE-2007-5116 is a Perl vulnerability in the 5.8 release affecting the Regular Expression Engine (regcomp.c) where a buffer overflow can allow a remote attacker to execute arbitrary code by switching from byte to Unicode in a regex. Public-facing sources in the connected documents (including a VM...
CVE-2005-0448
CVE-2005-0448 affects the Perl File::Path.rmtree code path in Perl before 5.8.4. The race condition in File::Path.pm (rmtree) may allow local users to create arbitrary setuid binaries in the directory tree being deleted. This entry is corroborated by multiple connected advisories and Nessus plugi...
CVE-2004-0452
CVE-2004-0452 : Race condition in File::Path::rmtree in Perl 5.6.1 and 5.8.4 sets world-write permissions, enabling local users to delete arbitrary files/directories and potentially read them via a symlink attack. This is tied to the Perl File::Path module and the rmtree operation. No explicit fi...
CVE-2005-0156
The CVE-2005-0156 issue affects Perl 5.8.0 when built with setuid support (sperl). The vulnerability is a buffer overflow in the PerlIO implementation that can be triggered by setting PERLIO_DEBUG and running a Perl script whose full pathname has a long directory tree. This allows local users to ...
CVE-2003-0900
Connected Nessus/NASL entries show that CVE-2003-0900 is mentioned as a related random-seed-for-fork issue in the context of Ruby upgrades, specifically noting that Ruby before 1.8.6-p114 does not reset the random seed on fork, a related issue to CVE-2003-0900. Additional advisories (CVE-2011-300...
CVE-2004-0976
CVE-2004-0976 affects the perl package, notably in Trustix Secure Linux 1.5–2.1 and similar OSes, due to a symlink attack that lets local users overwrite files via temporary files. Root cause is insecure temporary file handling in Perl modules; impact is local with partial integrity impact and no...
CVE-1999-0034
CVE-1999-0034 affects the suidperl (sperl) component in Perl 4.x and 5.x, with the root cause described as a buffer overflow in suidperl. Documented impact indicates complete confidentiality, integrity, and availability compromises (local attack vector, no authentication, no user interaction requ...
CVE-2004-0377
CVE-2004-0377: A buffer overflow in the win32_stat wrapper used by ActivePerl (ActiveState) and Larry Wall’s Perl up to 5.8.3 allows local or remote code execution when a filename ends with a backslash. Exploitation depends on how the vulnerable Perl is used by an application; Windows environment...
CVE-2000-0703
CVE-2000-0703 affects suidperl (sperl). The vulnerability arises because suidperl does not properly cleanse the escape sequence "~!" before invoking /bin/mail to report errors. This enables local users to gain privileges by setting the interactive environmental variable and running suidperl with ...
CVE-2004-2286
CVE-2004-2286 maps to an integer overflow in ActivePerl’s duplication operator, enabling remote DoS and potentially arbitrary code execution via a large multiplier. Affected: ActivePerl 5.x up to 5.8.3 and earlier. Root cause: overflow during duplication. Impact: Denial of service and possible co...
CVE-2005-4278
CVE-2005-4278 is an Untrusted search path vulnerability affecting Perl prior to 5.8.7-r1 on Gentoo Linux. Local users in the portage group can gain privileges by placing a malicious shared object in the Portage temporary build directory, which is in RUNPATH. Connected advisories (GLSA 200510-14, ...