Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-72-1
HistoryFeb 02, 2005 - 12:00 a.m.

Perl vulnerabilities

2005-02-0200:00:00
ubuntu.com
39

7.5 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

Releases

  • Ubuntu 4.10

Details

Two exploitable vulnerabilities involving setuid-enabled perl scripts
have been discovered. The package “perl-suid” provides a wrapper
around perl which allows to use setuid-root perl scripts, i.e.
user-callable Perl scripts which have full root privileges.

Previous versions allowed users to overwrite arbitrary files by
setting the PERLIO_DEBUG environment variable and calling an arbitrary
setuid-root perl script. The file that PERLIO_DEBUG points to was then
overwritten by Perl debug messages. This did not allow precise control
over the file content, but could destroy important data. PERLIO_DEBUG
is now ignored for setuid scripts. (CAN-2005-0155)

In addition, calling a setuid-root perl script with a very long path
caused a buffer overflow if PERLIO_DEBUG was set. This buffer overflow
could be exploited to execute arbitrary files with full root
privileges. (CAN-2005-0156)

OSVersionArchitecturePackageVersionFilename
Ubuntu4.10noarchperl< *UNKNOWN

Related

openvas 7
freebsd 1
nessus 9
gentoo 1
redhat 3
debiancve 2
ubuntucve 2
cve 3
centos 1
cert 1
openvas
openvas
Gentoo Security Advisory GLSA 200502-13 (Perl)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200502-13 (Perl)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-72-1)
2022-08-26 00:00:00
freebsd
freebsd
perl -- vulnerabilities in PERLIO_DEBUG handling
2005-02-02 00:00:00
nessus
nessus
FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)
2005-07-13 00:00:00
Ubuntu 4.10 : perl vulnerabilities (USN-72-1)
2006-01-15 00:00:00
GLSA-200502-13 : Perl: Vulnerabilities in perl-suid wrapper
2005-02-14 00:00:00
gentoo
gentoo
Perl: Vulnerabilities in perl-suid wrapper
2005-02-11 00:00:00
redhat
redhat
(RHSA-2005:105) perl security update
2005-02-07 00:00:00
(RHSA-2005:103) perl security update
2005-02-15 00:00:00
(RHSA-2006:0605) perl security update
2006-08-10 00:00:00
debiancve
debiancve
CVE-2005-0156
2005-02-07 05:00:00
CVE-2005-0155
2005-05-02 04:00:00
ubuntucve
ubuntucve
CVE-2005-0156
2005-02-07 00:00:00
CVE-2005-0155
2005-05-02 00:00:00
cve
cve
CVE-2005-0156
2005-02-07 05:00:00
CVE-2005-0155
2005-05-02 04:00:00
CVE-2006-3813
2006-08-11 21:04:00
centos
centos
perl security update
2006-08-24 00:08:17
cert
cert
mod_python vulnerable to information disclosure via crafted URL
2005-02-21 00:00:00

7.5 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON
Related for USN-72-1
openvas7freebsd1nessus9gentoo1redhat3debiancve2ubuntucve2cve3centos1cert1