Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2005-105.NASL
HistoryFeb 10, 2005 - 12:00 a.m.

RHEL 3 : perl (RHSA-2005:105)

2005-02-1000:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.1%

JSON

Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 3.

Perl is a high-level programming language commonly used for system administration utilities and Web programming.

Kevin Finisterre discovered a stack based buffer overflow flaw in sperl, the Perl setuid wrapper. A local user could create a sperl executable script with a carefully created path name, overflowing the buffer and leading to root privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0156 to this issue.

Kevin Finisterre discovered a flaw in sperl which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0155 to this issue.

Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:105. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(16361);
  script_version("1.26");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-0452", "CVE-2005-0155", "CVE-2005-0156");
  script_bugtraq_id(12426);
  script_xref(name:"RHSA", value:"2005:105");

  script_name(english:"RHEL 3 : perl (RHSA-2005:105)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated Perl packages that fix several security issues are now
available for Red Hat Enterprise Linux 3.

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

Kevin Finisterre discovered a stack based buffer overflow flaw in
sperl, the Perl setuid wrapper. A local user could create a sperl
executable script with a carefully created path name, overflowing the
buffer and leading to root privilege escalation. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0156 to this issue.

Kevin Finisterre discovered a flaw in sperl which can cause debugging
information to be logged to arbitrary files. By setting an environment
variable, a local user could cause sperl to create, as root, files
with arbitrary filenames, or append the debugging information to
existing files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0155 to this issue.

Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0452"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0155"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0156"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:105"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CGI");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CPAN");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-DB_File");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-suidperl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/02/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2005:105";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"perl-5.8.0-89.10")) flag++;
  if (rpm_check(release:"RHEL3", reference:"perl-CGI-2.81-89.10")) flag++;
  if (rpm_check(release:"RHEL3", reference:"perl-CPAN-1.61-89.10")) flag++;
  if (rpm_check(release:"RHEL3", reference:"perl-DB_File-1.804-89.10")) flag++;
  if (rpm_check(release:"RHEL3", reference:"perl-suidperl-5.8.0-89.10")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-CGI / perl-CPAN / perl-DB_File / perl-suidperl");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxperlp-cpe:/a:redhat:enterprise_linux:perl
redhatenterprise_linuxperl-cgip-cpe:/a:redhat:enterprise_linux:perl-cgi
redhatenterprise_linuxperl-cpanp-cpe:/a:redhat:enterprise_linux:perl-cpan
redhatenterprise_linuxperl-db_filep-cpe:/a:redhat:enterprise_linux:perl-db_file
redhatenterprise_linuxperl-suidperlp-cpe:/a:redhat:enterprise_linux:perl-suidperl
redhatenterprise_linux3cpe:/o:redhat:enterprise_linux:3

Related

redhat 3
openvas 25
nessus 13
freebsd 2
ubuntu 2
gentoo 2
nvd 8
cve 8
cvelist 8
ubuntucve 7
debiancve 7
debian 3
osv 2
centos 1
prion 3
securityvulns 2
cert 1
redhat
redhat
(RHSA-2005:103) perl security update
2005-02-15 00:00:00
(RHSA-2005:105) perl security update
2005-02-07 00:00:00
(RHSA-2006:0605) perl security update
2006-08-10 00:00:00
openvas
openvas
SLES9: Security update for Perl
2009-10-10 00:00:00
SLES9: Security update for Perl
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200502-13 (Perl)
2008-09-24 00:00:00
nessus
nessus
RHEL 4 : perl (RHSA-2005:103)
2005-02-22 00:00:00
Mandrake Linux Security Advisory : perl (MDKSA-2005:031)
2005-02-10 00:00:00
Ubuntu 4.10 : perl vulnerabilities (USN-72-1)
2006-01-15 00:00:00
freebsd
freebsd
perl -- vulnerabilities in PERLIO_DEBUG handling
2005-02-02 00:00:00
perl -- File::Path insecure file/directory permissions
2004-12-30 00:00:00
ubuntu
ubuntu
Perl vulnerabilities
2005-02-02 00:00:00
perl information leak
2004-12-21 00:00:00
gentoo
gentoo
Perl: Vulnerabilities in perl-suid wrapper
2005-02-11 00:00:00
Perl: rmtree and DBI tmpfile vulnerabilities
2005-01-26 00:00:00
nvd
nvd
CVE-2004-0452
2004-12-21 05:00:00
CVE-2005-0156
2005-02-07 05:00:00
CVE-2005-0155
2005-05-02 04:00:00
cve
cve
CVE-2004-0452
2004-12-31 05:00:00
CVE-2005-0156
2005-02-07 05:00:00
CVE-2005-0155
2005-05-02 04:00:00
cvelist
cvelist
CVE-2005-0156
2005-02-07 05:00:00
CVE-2004-0452
2004-12-31 05:00:00
CVE-2005-0155
2005-02-07 05:00:00
ubuntucve
ubuntucve
CVE-2005-0156
2005-02-07 00:00:00
CVE-2004-0452
2004-12-21 00:00:00
CVE-2005-0155
2005-05-02 00:00:00
debiancve
debiancve
CVE-2004-0452
2004-12-31 05:00:00
CVE-2005-0156
2005-02-07 05:00:00
CVE-2005-0155
2005-05-02 04:00:00
debian
debian
[SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities
2004-12-30 16:50:22
[SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities
2004-12-30 16:50:22
[SECURITY] [DSA 1678-1] New perl packages fix privilege escalation
2008-12-03 06:15:24
osv
osv
perl - privilege escalation
2008-12-03 00:00:00
perl - insecure temporary files / directories
2004-12-30 00:00:00
centos
centos
perl security update
2006-08-24 00:08:17
prion
prion
Design/Logic Flaw
2008-06-23 19:41:00
Race condition
2008-12-01 17:30:00
Race condition
2008-12-01 17:30:00
securityvulns
securityvulns
Perl symbolic links race conditions
2008-12-04 00:00:00
[SECURITY] [DSA 1678-1] New perl packages fix privilege escalation
2008-12-04 00:00:00
cert
cert
mod_python vulnerable to information disclosure via crafted URL
2005-02-21 00:00:00

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.1%

JSON
Related for REDHAT-RHSA-2005-105.NASL
redhat3openvas25nessus13freebsd2ubuntu2gentoo2nvd8cve8cvelist8ubuntucve7debiancve7debian3osv2centos1prion3securityvulns2cert1