4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
10.1%
Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 3.
Perl is a high-level programming language commonly used for system administration utilities and Web programming.
Kevin Finisterre discovered a stack-based buffer overflow flaw in sperl, the Perl setuid wrapper. A local user could create a sperl executable script with a carefully crafted path name, overflowing the buffer and leading to root privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0156 to this issue.
Kevin Finisterre discovered a flaw in sperl which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0155 to this issue.
Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:105. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: when the script is loaded with `description` set, it only
# records plugin metadata through the script_* calls below and then exits with
# exit(0); none of the package checks further down are reached in that mode.
if (description)
{
script_id(16361);
script_version("1.26");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
# NOTE(review): three CVEs are registered, but the description text below only
# explains CVE-2005-0155 and CVE-2005-0156. For CVE-2004-0452 the reader has to
# follow the matching see_also link; the advisory text here does not cover it.
script_cve_id("CVE-2004-0452", "CVE-2005-0155", "CVE-2005-0156");
script_bugtraq_id(12426);
script_xref(name:"RHSA", value:"2005:105");
script_name(english:"RHEL 3 : perl (RHSA-2005:105)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
# Advisory text reproduced from RHSA-2005:105 (see the file header). It is a
# runtime string shown in scan results, so it is kept exactly as published.
script_set_attribute(
attribute:"description",
value:
"Updated Perl packages that fix several security issues are now
available for Red Hat Enterprise Linux 3.
Perl is a high-level programming language commonly used for system
administration utilities and Web programming.
Kevin Finisterre discovered a stack based buffer overflow flaw in
sperl, the Perl setuid wrapper. A local user could create a sperl
executable script with a carefully created path name, overflowing the
buffer and leading to root privilege escalation. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0156 to this issue.
Kevin Finisterre discovered a flaw in sperl which can cause debugging
information to be logged to arbitrary files. By setting an environment
variable, a local user could cause sperl to create, as root, files
with arbitrary filenames, or append the debugging information to
existing files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0155 to this issue.
Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues."
);
# Vendor references: one page per registered CVE plus the erratum itself.
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2004-0452"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2005-0155"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2005-0156"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2005:105"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
# CVSS v2 base vector: local access, low complexity, no authentication, partial
# impact on confidentiality, integrity and availability.
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
# CVSS v2 temporal vector: exploitability High, remediation level Official Fix,
# report confidence Confirmed.
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
# Triage hints: the plugin records that exploits exist and that malware use has
# been reported. Combined with the root privilege escalation described above,
# that argues for patching multi-user RHEL 3 hosts first even though the base
# vector is local-only.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
# "local" plugin type: the finding is derived from data gathered on the host
# (see the required KB keys below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# One CPE per package checked further down, plus the RHEL 3 platform CPE.
# NOTE(review): perl-suidperl is presumably the package that ships sperl, the
# setuid wrapper named in the description - confirm against the erratum.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CGI");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CPAN");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-DB_File");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-suidperl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/21");
script_set_attribute(attribute:"patch_publication_date", value:"2005/02/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/10");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
# The check needs these knowledge-base keys: local checks enabled, the release
# string, the installed rpm list and the CPU architecture. They are presumably
# populated by ssh_get_info.nasl, the declared dependency, so a scan without
# working credentials produces no result rather than a "not affected" verdict.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
# Preconditions for the package comparison. Each failed test calls audit() with
# a specific reason code; audit() comes from audit.inc (not shown here) and
# presumably ends the script, so the order of these tests decides which reason
# is reported.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The release string must be present and contain "Red Hat" (`>!<` is NASL's
# "substring not found in" operator).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
# Capture the version number (major, optionally ".minor") that follows "release".
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
# Only RHEL 3.x is in scope: a leading "3" must be followed by a non-digit or
# the end of the string, so versions such as "30" do not match.
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
# Without the installed-package list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Architectures covered: anything containing "x86_64", exactly i386 through
# i686, or anything containing "s390" (a substring test, so "s390x" also
# passes). Any other architecture is reported as not implemented instead of
# being assessed.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
# Two mutually exclusive detection paths. If the host supplied yum updateinfo
# data, the verdict is based on whether advisory RHSA-2005:105 appears there.
# Otherwise the installed rpm versions are compared with the fixed versions.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2005:105";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
# Advisory still pending on the host: report it at warning severity on port 0.
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : yum_report
);
exit(0);
}
else
{
# NOTE(review): on this path the rpm version comparison below never runs, so a
# "not affected" result is only as reliable as the host's yum updateinfo data.
# Worth keeping in mind when a host's repository metadata is stale or
# incomplete - confirm how redhat_generate_yum_updateinfo_report() (defined
# elsewhere) handles that.
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
# `flag` counts the packages that rpm_check() reports. rpm_check() is defined in
# rpm.inc (not shown); presumably it is true when the installed package is
# older than the given reference. The references are the package versions
# checked for this advisory on RHEL 3.
flag = 0;
if (rpm_check(release:"RHEL3", reference:"perl-5.8.0-89.10")) flag++;
if (rpm_check(release:"RHEL3", reference:"perl-CGI-2.81-89.10")) flag++;
if (rpm_check(release:"RHEL3", reference:"perl-CPAN-1.61-89.10")) flag++;
if (rpm_check(release:"RHEL3", reference:"perl-DB_File-1.804-89.10")) flag++;
if (rpm_check(release:"RHEL3", reference:"perl-suidperl-5.8.0-89.10")) flag++;
if (flag)
{
# At least one package was flagged: report the accumulated rpm details plus the
# Red Hat package caveat text, at warning severity on port 0.
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
# Nothing flagged: separate "packages were tested and are not affected" from
# "none of the listed packages is installed".
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-CGI / perl-CPAN / perl-DB_File / perl-suidperl");
}
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | perl | p-cpe:/a:redhat:enterprise_linux:perl |
redhat | enterprise_linux | perl-cgi | p-cpe:/a:redhat:enterprise_linux:perl-cgi |
redhat | enterprise_linux | perl-cpan | p-cpe:/a:redhat:enterprise_linux:perl-cpan |
redhat | enterprise_linux | perl-db_file | p-cpe:/a:redhat:enterprise_linux:perl-db_file |
redhat | enterprise_linux | perl-suidperl | p-cpe:/a:redhat:enterprise_linux:perl-suidperl |
redhat | enterprise_linux | 3 | cpe:/o:redhat:enterprise_linux:3 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0155
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0156
access.redhat.com/errata/RHSA-2005:105
access.redhat.com/security/cve/cve-2004-0452
access.redhat.com/security/cve/cve-2005-0155
access.redhat.com/security/cve/cve-2005-0156