Lucene search
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2005-069.NASLHistoryFeb 02, 2005 - 12:00 a.m.
RHEL 2.1 / 3 : perl (RHSA-2005:069)
2005-02-0200:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
EPSS
0
Percentile
5.1%
An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available.
DBI is a database access Application Programming Interface (API) for the Perl programming language.
The Debian Security Audit Project discovered that the DBI library creates a temporary PID file in an insecure manner. A local user could overwrite or create files as a different user who happens to run an application which uses DBI::ProxyServer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0077 to this issue.
Users should update to this erratum package which disables the temporary PID file unless configured.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:069. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(16298);
script_version("1.27");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2005-0077");
script_xref(name:"RHSA", value:"2005:069");
script_name(english:"RHEL 2.1 / 3 : perl (RHSA-2005:069)");
script_summary(english:"Checks the rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An updated perl-DBI package that fixes a temporary file flaw in
DBI::ProxyServer is now available.
DBI is a database access Application Programming Interface (API) for
the Perl programming language.
The Debian Security Audit Project discovered that the DBI library
creates a temporary PID file in an insecure manner. A local user could
overwrite or create files as a different user who happens to run an
application which uses DBI::ProxyServer. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2005-0077 to this issue.
Users should update to this erratum package which disables the
temporary PID file unless configured."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2005-0077"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2005:069"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected perl-DBI package."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-DBI");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
script_set_attribute(attribute:"patch_publication_date", value:"2005/02/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/02");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2005:069";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"perl-DBI-1.18-3")) flag++;
if (rpm_check(release:"RHEL3", reference:"perl-DBI-1.32-9")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBI");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | perl-dbi | p-cpe:/a:redhat:enterprise_linux:perl-dbi |
| redhat | enterprise_linux | 2.1 | cpe:/o:redhat:enterprise_linux:2.1 |
| redhat | enterprise_linux | 3 | cpe:/o:redhat:enterprise_linux:3 |
Related
redhat
redhat
(RHSA-2005:069) perl security update
2005-02-01 00:00:00
(RHSA-2005:072) perl-DBI security update
2005-02-15 00:00:00
nessus
nessus
FreeBSD : p5-DBI -- insecure temporary file creation vulnerability (8cfb6f42-d2b0-11da-a672-000e0c2e438a)
2006-05-13 00:00:00
Debian DSA-658-1 : libdbi-perl - insecure temporary file
2005-01-25 00:00:00
SuSE9 Security Update : perl-DBI (YOU Patch Number 9838)
2009-09-24 00:00:00
openvas
openvas
SLES9: Security update for perl-DBI
2009-10-10 00:00:00
FreeBSD Ports: p5-DBI, p5-DBI-137
2008-09-04 00:00:00
Debian Security Advisory DSA 658-1 (libdbi-perl)
2008-01-17 00:00:00
freebsd
freebsd
p5-DBI -- insecure temporary file creation vulnerability
2005-01-25 00:00:00
nvd
nvd
CVE-2005-0077
2005-05-02 04:00:00
ubuntucve
ubuntucve
CVE-2005-0077
2005-05-02 00:00:00
ubuntu
ubuntu
Perl DBI module vulnerability
2005-01-26 00:00:00
debiancve
debiancve
CVE-2005-0077
2005-05-02 04:00:00
securityvulns
securityvulns
[SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary file
2005-01-26 00:00:00
cve
cve
CVE-2005-0077
2005-05-02 04:00:00
debian
debian
[SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary file
2005-01-25 16:22:29
[SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary file
2005-01-25 16:22:29
cvelist
cvelist
CVE-2005-0077
2005-01-29 05:00:00
gentoo
gentoo
Perl: rmtree and DBI tmpfile vulnerabilities
2005-01-26 00:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
EPSS
0
Percentile
5.1%
Related for REDHAT-RHSA-2005-069.NASL