caldera.sa-1998.07.perl
From support@caldera.com Thu Apr 9 13:24:35 1998
From: Caldera Support <support@caldera.com>
To: Caldera Announce <caldera-announce@rim.caldera.com>
Date: 9 Apr 1998 17:34:52 -0000
Reply-To: info@caldera.com
Subject: Caldera Security Advisory SA-1998.07: Vulnerability in perl
Advisory issue date: 07-Apr-1998
Topic: Vulnerability in perl
I. Problem Description
A race condition exists when executing `perl -e ...'.
This can be used in a DoS (Denial of Service) attack
which deletes the content of a targeted file.
II. Impact
The target file can be harmed if the user executing
`perl -e' has write permission for the file. Its
contents will be replaced with the text of the argument
to the `-e' option. This attack is likely to have one of two
results: either a file needed for normal system operation
is destroyed, rendering machine services inaccessible (DoS),
or a file controlling access to the machine is modified to
allow access to the attacker (Compromise). The likelihood
of a successful compromise attack is remote, as it usually
requires that the attacker modify the argument paired with the
`-e' flag.
This problem is present in OpenLinux 1.2 and prior releases.
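The bug class named in the BugTraq subject cited in section IV (a /tmp race in which a temp file is "opened not safely"), as an added example that is not Caldera's or perl's own code. It assumes a hypothetical temp name `perl-e.tmp` and a symbolic link already sitting at that name, works only inside a private scratch directory, and contrasts a plain truncating open with an `O_EXCL` open.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Shared writer: `flags` decides whether an existing name is followed or refused. */
static int write_tmp(const char *path, int flags, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | flags, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Unsafe pattern: O_TRUNC on a predictable name follows a link that is already there. */
static int write_unsafe(const char *p, const char *t) { return write_tmp(p, O_TRUNC, t); }

/* Hardened pattern: O_EXCL creates atomically and fails with EEXIST if the name
   already exists, symbolic links included. */
static int write_safe(const char *p, const char *t) { return write_tmp(p, O_EXCL, t); }

/* Constructed scenario in a private scratch directory (assumed layout, not perl's).
   Returns 1 if the victim's content was replaced, 0 if intact, -1 on setup error. */
static int victim_clobbered(int hardened) {
    char dir[] = "/tmp/sa199807-XXXXXX", victim[64], tmp[64], buf[64] = "";
    const char *orig = "needed by the system\n", *script = "print 1;\n";
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/perl-e.tmp", dir);   /* hypothetical temp name */
    if (write_safe(victim, orig) != 0 || symlink(victim, tmp) != 0) return -1;
    if (hardened) (void)write_safe(tmp, script);       /* refused: name exists */
    else (void)write_unsafe(tmp, script);              /* lands in the victim */
    FILE *f = fopen(victim, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    unlink(tmp); unlink(victim); rmdir(dir);
    return strcmp(buf, orig) != 0;
}

int main(void) {
    printf("plain open : victim clobbered = %d\n", victim_clobbered(0));
    printf("O_EXCL open: victim clobbered = %d\n", victim_clobbered(1));
    return 0;
}
```

With the plain open the victim ends up holding the script text, which matches the impact described above; the `O_EXCL` open leaves it untouched.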
III. Solution
Upgrade to the perl-5.004_03-2 packages. They can be found
on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/005/RPMS
The corresponding source code can be found at:
ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/005/SRPMS
The MD5 checksums (from the "md5sum" command) for these packages are:

    bb5ad759caafc145ed127cf57e5d0c1f perl-5.004_03-2.i386.rpm
    116500196267424d5ae1898389242654 perl-add-5.004_03-2.i386.rpm
    552ebc8c59f6c05e4576d727b3132d4e perl-examples-5.004_03-2.i386.rpm
    edf5c15d0b18677d89e23cada18b3d5d perl-man-5.004_03-2.i386.rpm
    b06a442baec601c58f5f8ec7c2eef5fc perl-pod-5.004_03-2.i386.rpm
    d663727f82da3b9f45568ab5fc148a50 perl-5.004_03-2.src.rpm

Upgrade with the following commands:

    rpm -q perl && rpm -U perl-5.004_03-2.i386.rpm
    rpm -q perl-add && rpm -U perl-add-5.004_03-2.i386.rpm
    rpm -q perl-examples && rpm -U perl-examples-5.004_03-2.i386.rpm
    rpm -q perl-man && rpm -U perl-man-5.004_03-2.i386.rpm
    rpm -q perl-pod && rpm -U perl-pod-5.004_03-2.i386.rpm

IV. References
BugTraq reference:
From: stanislav shalunov <shalunov@MCCME.RU>
To: BUGTRAQ@NETSPACE.ORG
Subject: another /tmp race: `perl -e' opens temp file not safely
Date: Sun, 8 Mar 1998 00:04:20 GMT
Message-ID: <199803072356.CAA16643@main.mccme.rssi.ru>
and follow-up postings
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
This security fix closes Caldera's internal Problem Report 1810.
V. PGP Signature
This message was signed with the PGP key for security@caldera.com.
This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/
Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/