
caldera.sa-1998.07.perl

Posted Sep 23, 1999

tags | perl
SHA-256 | 6b7acc89a7d6c3bbb9f35aada6b7353164db74b8709be8cc7ecf36aaa50000e9


From support@caldera.com Thu Apr 9 13:24:35 1998
From: Caldera Support <support@caldera.com>
To: Caldera Announce <caldera-announce@rim.caldera.com>
Date: 9 Apr 1998 17:34:52 -0000
Reply-To: info@caldera.com
Subject: Caldera Security Advisory SA-1998.07: Vulnerability in perl

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.07: Vulnerability in perl

Advisory issue date: 07-Apr-1998

Topic: Vulnerability in perl


I. Problem Description

A race condition exists when executing `perl -e ...'.
This can be used in a DoS (Denial of Service) attack
which deletes the content of a targeted file.

II. Impact

The target file can be harmed if the user executing
`perl -e' has write permissions for the file. The
contents will be replaced with the text of the argument
for the `-e' option. This attack is likely to have one of two
results: either a file which is needed for normal system
operation is destroyed, rendering machine services
inaccessible (DoS), or a file controlling access to the
machine is modified to allow access to the attacker
(Compromise). The likelihood of a successful compromise
attack is remote, as it usually requires that the attacker
modify the argument paired with the `-e' flag.

This problem is present in OpenLinux 1.2 and prior releases.

III. Solution

Upgrade to the perl-5.004_03-2 packages. They can be found
on Caldera's FTP site at:

ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/005/RPMS

The corresponding source code can be found at:

ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/005/SRPMS

The MD5 checksums (from the "md5sum" command) for these packages are:

bb5ad759caafc145ed127cf57e5d0c1f perl-5.004_03-2.i386.rpm
116500196267424d5ae1898389242654 perl-add-5.004_03-2.i386.rpm
552ebc8c59f6c05e4576d727b3132d4e perl-examples-5.004_03-2.i386.rpm
edf5c15d0b18677d89e23cada18b3d5d perl-man-5.004_03-2.i386.rpm
b06a442baec601c58f5f8ec7c2eef5fc perl-pod-5.004_03-2.i386.rpm
d663727f82da3b9f45568ab5fc148a50 perl-5.004_03-2.src.rpm

Upgrade with the following commands:

rpm -q perl && rpm -U perl-5.004_03-2.i386.rpm
rpm -q perl-add && rpm -U perl-add-5.004_03-2.i386.rpm
rpm -q perl-examples && rpm -U perl-examples-5.004_03-2.i386.rpm
rpm -q perl-man && rpm -U perl-man-5.004_03-2.i386.rpm
rpm -q perl-pod && rpm -U perl-pod-5.004_03-2.i386.rpm

IV. References

BugTraq reference:
From: stanislav shalunov <shalunov@MCCME.RU>
To: BUGTRAQ@NETSPACE.ORG
Subject: another /tmp race: `perl -e' opens temp file not safely
Date: Sun, 8 Mar 1998 00:04:20 GMT
Message-ID: <199803072356.CAA16643@main.mccme.rssi.ru>
and follow-up postings

This and other Caldera security resources are located at:

http://www.caldera.com/tech-ref/security/

This security fix closes Caldera's internal Problem Report 1810.

V. PGP Signature

This message was signed with the PGP key for security@caldera.com.

This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNSwE9en+9R4958LpAQF8fwP+NN/0Xo4weZgTnc04ilkYvI3AIN8Iu3c9
hIajjL8/AChw9ZokzVIUlpCcpy4zr89gwT0xuhURwqZIDZcdnPAI+FDlxpZO2eH5
IRMgUlfp9jiQAkwa95U8pRhifCrf6BcyqJze3V5x/mrh6gU8bDH3r6IaCyaJt7kQ
u47ZMoQWIZE=
=gPQ+
-----END PGP SIGNATURE-----

-
Notes: To learn how to use this list server, email a "help" command to
majordomo@rim.caldera.com.
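
The class of bug the advisory and the BugTraq subject line describe (a temporary file opened unsafely, so the `-e' text lands in another file the user can write), shown as an added example that is not code from perl, Caldera or the original posting. It assumes the temp name is predictable and already exists as a symlink; the file names `victim` and `perl-e`, the scratch directory and the sample contents are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Unsafe: create-or-truncate; open() follows a symlink already at the path. */
#define UNSAFE_FLAGS (O_WRONLY | O_CREAT | O_TRUNC)
/* Hardened: O_CREAT|O_EXCL fails (EEXIST) if anything, even a symlink, exists. */
#define SAFE_FLAGS   (O_WRONLY | O_CREAT | O_EXCL)

/* Write text to path with the given open(2) flags; 0 on success, -1 on error. */
static int write_script(const char *path, const char *text, int flags) {
    int fd = open(path, flags, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Return 1 if the file at path contains exactly expect, else 0. */
static int file_equals(const char *path, const char *expect) {
    char buf[128] = {0};
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    return n >= 0 && strcmp(buf, expect) == 0;
}

/* Constructed scenario in a private scratch directory: "victim" is a file the
 * user can write; "perl-e" is a hypothetical predictable temp name that is
 * already a symlink to it. Returns 1 if clobbered, 0 if intact, -1 on error. */
int victim_clobbered(int flags) {
    char dir[] = "/tmp/sa199807.XXXXXX", victim[64], tmpname[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/perl-e", dir);
    if (write_script(victim, "needed by the system\n", SAFE_FLAGS) != 0 ||
        symlink(victim, tmpname) != 0) return -1;
    write_script(tmpname, "print 1;\n", flags);   /* stands in for the -e text */
    int clobbered = file_equals(victim, "print 1;\n");
    unlink(tmpname); unlink(victim); rmdir(dir);
    return clobbered;
}

int main(void) {
    printf("unsafe=%d hardened=%d\n", victim_clobbered(UNSAFE_FLAGS), victim_clobbered(SAFE_FLAGS));
    return 0;
}
```

In practice `mkstemp(3)` combines the exclusive create with an unpredictable name, which is the usual replacement for a fixed temp path.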