Package: perl Version: 5.8.4-5 Severity: critical Tags: security Hello
Quoting Ubuntu USN-72-1: =========================================================== Ubuntu Security Notice USN-72-1 February 02, 2005 perl vulnerabilities CAN-2005-0155, CAN-2005-0156 =========================================================== ... Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered. The package "perl-suid" provides a wrapper around perl which allows to use setuid-root perl scripts, i.e. user-callable Perl scripts which have full root privileges. Previous versions allowed users to overwrite arbitrary files by setting the PERLIO_DEBUG environment variable and calling an arbitrary setuid-root perl script. The file that PERLIO_DEBUG points to was then overwritten by Perl debug messages. This did not allow precise control over the file content, but could destroy important data. PERLIO_DEBUG is now ignored for setuid scripts. (CAN-2005-0155) In addition, calling a setuid-root perl script with a very long path caused a buffer overflow if PERLIO_DEBUG was set. This buffer overflow could be exploited to execute arbitrary files with full root privileges. (CAN-2005-0156) bye, -christian- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]