exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 72-1

Ubuntu Security Notice 72-1
Posted Feb 3, 2005
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-72-1 - Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered.

tags | advisory, perl, vulnerability
systems | linux, ubuntu
SHA-256 | 3169c861663742bbc12a34cfe1f3756aa945ea56b65b204e0b25a03c7b12fb9f

Ubuntu Security Notice 72-1

Change Mirror Download

--tKW2IUtsqtDRztdT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-72-1 February 02, 2005
perl vulnerabilities
CAN-2005-0155, CAN-2005-0156
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

perl

The problem can be corrected by upgrading the affected package to
version 5.8.4-2ubuntu0.3. In general, a standard system upgrade is
sufficient to effect the necessary changes.=20

Details follow:

Two exploitable vulnerabilities involving setuid-enabled perl scripts
have been discovered. The package "perl-suid" provides a wrapper
around perl which allows to use setuid-root perl scripts, i.e.
user-callable Perl scripts which have full root privileges.

Previous versions allowed users to overwrite arbitrary files by
setting the PERLIO_DEBUG environment variable and calling an arbitrary
setuid-root perl script. The file that PERLIO_DEBUG points to was then
overwritten by Perl debug messages. This did not allow precise control
over the file content, but could destroy important data. PERLIO_DEBUG
is now ignored for setuid scripts. (CAN-2005-0155)

In addition, calling a setuid-root perl script with a very long path
caused a buffer overflow if PERLIO_DEBUG was set. This buffer overflow
could be exploited to execute arbitrary files with full root
privileges. (CAN-2005-0156)

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.=
3.diff.gz
Size/MD5: 57791 6838d5eb8b01a50895f60f899b7f9970
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.=
3.dsc
Size/MD5: 727 424d777c7a4f7e01e142bd907ec49134
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.=
gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl=
_5.8.4-2ubuntu0.3_all.deb
Size/MD5: 36762 3187be1f92d688e34fca60c46f688ca9
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubun=
tu0.3_all.deb
Size/MD5: 7049796 f64050a4658b325918e1d853d0f2cbc0
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2=
ubuntu0.3_all.deb
Size/MD5: 2181384 b2a50b4f2dde034430bc84bbabc791cc

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2u=
buntu0.3_amd64.deb
Size/MD5: 605434 2ca037b813fe14be47cafa2f27acd77b
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ub=
untu0.3_amd64.deb
Size/MD5: 1032 2bb8737a384a3786171d2ae2a3ed4a7a
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubu=
ntu0.3_amd64.deb
Size/MD5: 787086 e5bb5502b6e90a29c74acc032b9e55c5
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4=
-2ubuntu0.3_amd64.deb
Size/MD5: 3819860 1daaaa3016ad679e80199e19c5b901ef
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubu=
ntu0.3_amd64.deb
Size/MD5: 32832 0cb6d5e891a5524a8d88a2c42c866e57
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.=
3_amd64.deb
Size/MD5: 3834226 442c1ace9f9ea25dc24075c37ee2365b

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2u=
buntu0.3_i386.deb
Size/MD5: 546882 60034b55abcae07a3d6c6052a3213463
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ub=
untu0.3_i386.deb
Size/MD5: 494062 6588b891ea5946652fbfa57529ab63c7
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubu=
ntu0.3_i386.deb
Size/MD5: 727402 9f372c22dbe904e4986c20db27ca4eab
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4=
-2ubuntu0.3_i386.deb
Size/MD5: 3631146 a4e235f9ee4b5b4c00af9681c462f9cb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubu=
ntu0.3_i386.deb
Size/MD5: 30812 70923ad1d98c214f7d74b3fcd33fd8a3
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.=
3_i386.deb
Size/MD5: 3229674 c1eefcf39facb03157c59a0f87ff7471

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2u=
buntu0.3_powerpc.deb
Size/MD5: 560992 17dd72a903ea7cb68dde0b937c18dbbd
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ub=
untu0.3_powerpc.deb
Size/MD5: 1032 b30fdccfa2463633641622427cbcaa73
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubu=
ntu0.3_powerpc.deb
Size/MD5: 718224 c200522dfa69b9810d66dd94a5102f6f
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4=
-2ubuntu0.3_powerpc.deb
Size/MD5: 3817106 3fbeaca89ae2b2a54adb0b01b282f8bd
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubu=
ntu0.3_powerpc.deb
Size/MD5: 30558 606caf5631780c2941118a5bbd6b2fd4
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.=
3_powerpc.deb
Size/MD5: 3477176 d1e921f275e597dc1b59d6ca5680c07e

--tKW2IUtsqtDRztdT
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCANxdDecnbV4Fd/IRAk1NAJ0dF0KzafnKs3XSLAdaEb4UV7+cxwCgxaE5
bcXrm1Q9jVV4EVNE/RHpKQc=
=RqPI
-----END PGP SIGNATURE-----

--tKW2IUtsqtDRztdT--
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close