CVSS2: 4.6 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.0004 Low
Percentile: 0.4%

CentOS Errata and Security Advisory CESA-2006:0605

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

Kevin Finisterre discovered a flaw in sperl, the Perl setuid wrapper, which
can cause debugging information to be logged to arbitrary files. By setting
an environment variable, a local user could cause sperl to create, as root,
files with arbitrary filenames, or append the debugging information to
existing files. (CVE-2005-0155)

A fix for this issue was first included in the update RHSA-2005:103,
released in February 2005. However, the patch to correct this issue was
dropped from the update RHSA-2005:674, made in October 2005. This
regression has been assigned CVE-2006-3813.

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-August/075307.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075308.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075337.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075338.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075339.html
Affected packages:
perl
perl-suidperl
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0605
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | perl | < 5.8.5-36.RHEL4 | perl-5.8.5-36.RHEL4.i386.rpm |
CentOS | 4 | i386 | perl-suidperl | < 5.8.5-36.RHEL4 | perl-suidperl-5.8.5-36.RHEL4.i386.rpm |
CentOS | 4 | x86_64 | perl | < 5.8.5-36.RHEL4 | perl-5.8.5-36.RHEL4.x86_64.rpm |
CentOS | 4 | x86_64 | perl-suidperl | < 5.8.5-36.RHEL4 | perl-suidperl-5.8.5-36.RHEL4.x86_64.rpm |
CentOS | 4 | alpha | perl | < 5.8.5-36.RHEL4 | perl-5.8.5-36.RHEL4.alpha.rpm |
CentOS | 4 | alpha | perl-suidperl | < 5.8.5-36.RHEL4 | perl-suidperl-5.8.5-36.RHEL4.alpha.rpm |
CentOS | 4 | ia64 | perl | < 5.8.5-36.RHEL4 | perl-5.8.5-36.RHEL4.ia64.rpm |
CentOS | 4 | ia64 | perl-suidperl | < 5.8.5-36.RHEL4 | perl-suidperl-5.8.5-36.RHEL4.ia64.rpm |
CentOS | 4 | s390 | perl | < 5.8.5-36.RHEL4 | perl-5.8.5-36.RHEL4.s390.rpm |
CentOS | 4 | s390 | perl-suidperl | < 5.8.5-36.RHEL4 | perl-suidperl-5.8.5-36.RHEL4.s390.rpm |
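
The table's "< 5.8.5-36.RHEL4" condition cannot be checked with a plain string comparison, so the following added example (not part of the advisory or of any CentOS or Red Hat tooling) audits a package inventory with a simplified rpm-style segment comparison. It assumes the inventory comes from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, ignores epochs, and uses constructed sample lines.

```python
import re

# Fixed version-release and package names, taken from the advisory table above.
FIXED = "5.8.5-36.RHEL4"
PACKAGES = ("perl", "perl-suidperl")

# Constructed sample inventory (not real host data), in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
perl 5.8.5-24.RHEL4
perl-suidperl 5.8.5-36.RHEL4
bash 3.0-19.3
"""

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm-style comparison: -1, 0 or 1 (no epoch, no '~' or '^')."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_vulnerable(installed, fixed=FIXED):
    """True when the installed 'version-release' sorts below the fixed one."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0

def audit(inventory):
    """Return (name, version-release) for affected packages below the fix."""
    findings = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PACKAGES and is_vulnerable(parts[1]):
            findings.append(tuple(parts))
    return findings

if __name__ == "__main__":
    for name, vr in audit(SAMPLE):
        print(f"{name} {vr} is older than {FIXED}: update required")
```

Because the advisory describes a fix that was dropped by a later update, a check like this should be rerun after every perl update rather than only once.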