CVE-2005-0448
CVSS 1.2
Published: 2005-05-02 00:00:00
Last revised: 2013-10-23 21:44:38

[Original] Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.


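[CNNVD] Perl rmdir() function local race condition vulnerability (CNNVD-200505-582)

        The rmtree function in Perl's lib/File/Path.pm module contains a race condition error; a local attacker can create arbitrary setuid binaries through a symlink attack.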
        

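- CVSS (base score)

CVSS score: 1.2 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)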

cpe:/a:larry_wall:perl:5.8.4
cpe:/a:larry_wall:perl:5.8.3
cpe:/a:larry_wall:perl:5.8.0
cpe:/a:larry_wall:perl:5.8.1

- OVAL (technical details for detection)

oval:org.mitre.oval:def:728  HP-UX 11 Perl rmtree Race Condition
oval:org.mitre.oval:def:10475  Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tr...
oval:org.mitre.oval:def:7799  DSA-1678 perl -- design flaws
*OVAL describes in detail how to detect this vulnerability; further technical detection details can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0448
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-582
(Official data source) CNNVD

- Other links and resources

http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200501-38
http://www.debian.org/security/2005/dsa-696
(VENDOR_ADVISORY)  DEBIAN  DSA-696
http://www.securityfocus.com/advisories/8704
(UNKNOWN)  HP  HPSBUX01208
http://secunia.com/advisories/55314
(UNKNOWN)  SECUNIA  55314
http://www.ubuntulinux.org/support/documentation/usn/usn-94-1
(UNKNOWN)  UBUNTU  USN-94-1
http://www.securityfocus.com/bid/12767
(UNKNOWN)  BID  12767
http://www.securityfocus.com/advisories/8704
(UNKNOWN)  HP  SSRT5938
http://www.redhat.com/support/errata/RHSA-2005-881.html
(UNKNOWN)  REDHAT  RHSA-2005:881
http://www.redhat.com/support/errata/RHSA-2005-674.html
(UNKNOWN)  REDHAT  RHSA-2005:674
http://www.mandriva.com/security/advisories?name=MDKSA-2005:079
(UNKNOWN)  MANDRIVA  MDKSA-2005:079
http://secunia.com/advisories/18517
(UNKNOWN)  SECUNIA  18517
http://secunia.com/advisories/18075
(UNKNOWN)  SECUNIA  18075
http://secunia.com/advisories/17079
(UNKNOWN)  SECUNIA  17079
http://secunia.com/advisories/14531
(UNKNOWN)  SECUNIA  14531
http://fedoranews.org/updates/FEDORA--.shtml
(UNKNOWN)  FEDORA  FLSA-2006:152845
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
(UNKNOWN)  CONECTIVA  CLSA-2006:1056
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
(UNKNOWN)  SGI  20060101-01-U

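- Vulnerability information

Perl rmdir() function local race condition vulnerability
Low severity  Race condition
2005-05-02 00:00:00 2005-10-25 00:00:00
Local
        The rmtree function in Perl's lib/File/Path.pm module contains a race condition error; a local attacker can create arbitrary setuid binaries through a symlink attack.
        

- Advisories and patches

        Vendors have released upgrade patches that fix this security issue. Patch download links: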
        Ubuntu Ubuntu Linux 7.10 powerpc
        Ubuntu libarchive-tar-perl_1.31-1ubuntu0.1_all.deb
        http://security.ubuntu.com/ubuntu/pool/main/liba/libarchive-tar-perl/libarchive-tar-perl_1.31-1ubuntu0.1_all.deb
        Ubuntu libcgi-fast-perl_5.8.8-7ubuntu3.4_all.deb
        http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-7ubuntu3.4_all.deb
        Ubuntu libperl-dev_5.8.8-7ubuntu3.4_powerpc.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.4_powerpc.deb
        Ubuntu libperl5.8_5.8.8-7ubuntu3.4_powerpc.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.4_powerpc.deb
        Ubuntu perl-base_5.8.8-7ubuntu3.4_powerpc.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.4_powerpc.deb
        Ubuntu perl-debug_5.8.8-7ubuntu3.4_powerpc.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.4_powerpc.deb
        Ubuntu perl-doc_5.8.8-7ubuntu3.4_all.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-7ubuntu3.4_all.deb
        Ubuntu perl-modules_5.8.8-7ubuntu3.4_all.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-7ubuntu3.4_all.deb
        Ubuntu perl-suid_5.8.8-7ubuntu3.4_powerpc.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.4_powerpc.deb
        Ubuntu perl_5.8.8-7ubuntu3.4_powerpc.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.4_powerpc.deb
        Ubuntu Ubuntu Linux 8.04 LTS powerpc
        Ubuntu libarchive-tar-perl_1.36-1ubuntu0.1_all.deb
        http://security.ubuntu.com/ubuntu/pool/main/liba/libarchive-tar-perl/libarchive-tar-perl_1.36-1ubuntu0.1_all.deb
        Ubuntu libcgi-fast-perl_5.8.8-12ubuntu0.3_all.deb
        http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-12ubuntu0.3_all.deb
        Ubuntu libcgi-fast-perl_5.8.8-12ubuntu0.4_all.deb
        http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-12ubuntu0.4_all.deb
        Ubuntu libperl-dev_5.8.8-12ubuntu0.3_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.8.8-12ubuntu0.3_powerpc.deb
        Ubuntu libperl-dev_5.8.8-12ubuntu0.4_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.8.8-12ubuntu0.4_powerpc.deb
        Ubuntu libperl5.8_5.8.8-12ubuntu0.3_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/libperl5.8_5.8.8-12ubuntu0.3_powerpc.deb
        Ubuntu libperl5.8_5.8.8-12ubuntu0.4_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/libperl5.8_5.8.8-12ubuntu0.4_powerpc.deb
        Ubuntu perl-base_5.8.8-12ubuntu0.3_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.8.8-12ubuntu0.3_powerpc.deb
        Ubuntu perl-base_5.8.8-12ubuntu0.4_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.8.8-12ubuntu0.4_powerpc.deb
        Ubuntu perl-debug_5.8.8-12ubuntu0.3_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.8.8-12ubuntu0.3_powerpc.deb
        Ubuntu perl-debug_5.8.8-12ubuntu0.4_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.8.8-12ubuntu0.4_powerpc.deb
        Ubuntu perl-doc_5.8.8-12ubuntu0.3_all.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-12ubuntu0.3_all.deb
        Ubuntu perl-doc_5.8.8-12ubuntu0.4_all.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-12ubuntu0.4_all.deb
        Ubuntu perl-modules_5.8.8-12ubuntu0.3_all.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-12ubuntu0.3_all.deb
        Ubuntu perl-modules_5.8.8-12ubuntu0.4_all.deb
        http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-12ubuntu0.4_all.deb
        Ubuntu perl-suid_5.8.8-12ubuntu0.3_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.8.8-12ubuntu0.3_powerpc.deb
        Ubuntu perl-suid_5.8.8-12ubuntu0.4_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.8.8-12ubuntu0.4_powerpc.deb
        Ubuntu perl_5.8.8-12ubuntu0.3_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/perl_5.8.8-12ubuntu0.3_powerpc.deb
        Ubuntu perl_5.8.8-12ubuntu0.4_powerpc.deb
        http://ports.ubuntu.com/pool/main/p/perl/perl_5.8.8-12ubuntu0.4_powerpc.deb

- Vulnerability information (F36762)

dsa-696.txt (PacketStormID:F36762)
2005-03-24 00:00:00
 
advisory,perl
linux,debian
CVE-2005-0448

Debian Security Advisory 696-1 - Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 696-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
March 22nd, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : perl
Vulnerability  : design flaw
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0448
Debian Bug     : 286905 286922

Paul Szabo discovered another vulnerability in the File::Path::rmtree
function of perl, the popular scripting language.  When a process is
deleting a directory tree, a different user could exploit a race
condition to create setuid binaries in this directory tree, provided
that he already had write permissions in any subdirectory of that
tree.

For the stable distribution (woody) this problem has been fixed in
version 5.6.1-8.9.

For the unstable distribution (sid) this problem has been fixed in
version 5.8.4-8.

We recommend that you upgrade your perl packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability information

14619
Perl File::Path::rmtree Function Race Condition Privilege Escalation
Local Access Required Race Condition
Loss of Integrity
Exploit Unknown

- Vulnerability description

The Perl File::Path::rmtree function contains a flaw that may allow a malicious local user to change permissions of arbitrary files on the system. The issue is due to the way the File::Path::rmtree function handles directory permissions when cleaning up directories. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

- Timeline

2005-03-09 Unknown
Unknown Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Vulnerability information

Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability
Race Condition Error 12767
No Yes
2005-03-09 12:00:00 2011-12-28 09:10:00
Discovery is credited to Paul Szabo.

- Affected software versions

Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 lpia
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
rPath rPath Linux 2
rPath rPath Linux 1
rPath Appliance Platform Linux Service 2
rPath Appliance Platform Linux Service 1
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux 5 Server
Pardus Linux 2008 0
Pardus Linux 2007 0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 2010.0 x86_64
Mandriva Linux Mandrake 2010.0
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Larry Wall Perl 5.8.8
Larry Wall Perl 5.8.6
+ Gentoo Linux
Larry Wall Perl 5.8.5
+ Turbolinux Turbolinux Server 10.0
Larry Wall Perl 5.8.4 -5
Larry Wall Perl 5.8.4 -4
Larry Wall Perl 5.8.4 -3
Larry Wall Perl 5.8.4 -2.3
Larry Wall Perl 5.8.4 -2
Larry Wall Perl 5.8.4 -1
Larry Wall Perl 5.8.4
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
Larry Wall Perl 5.8.3
+ Gentoo Linux
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Larry Wall Perl 5.8.1
Larry Wall Perl 5.8
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
Larry Wall Perl 5.6.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Larry Wall Perl 5.6
Larry Wall Perl 5.0 05_003
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2
+ Debian Linux 2.1 sparc
+ Debian Linux 2.1 alpha
+ Debian Linux 2.1 68k
+ Debian Linux 2.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
+ RedHat Linux 6.2 E sparc
+ RedHat Linux 6.2 E i386
+ RedHat Linux 6.2 E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3
+ Trustix Trustix Secure Linux 1.1
+ Turbolinux Turbolinux 6.0.4
+ Turbolinux Turbolinux 6.0.3
+ Turbolinux Turbolinux 6.0.2
+ Turbolinux Turbolinux 6.0.1
+ Turbolinux Turbolinux 6.0
+ Turbolinux Turbolinux 4.4
+ Turbolinux Turbolinux 4.2
+ Turbolinux Turbolinux 4.0
Larry Wall Perl 5.0 05
Larry Wall Perl 5.0 04_05
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
+ RedHat Linux 5.1
+ RedHat Linux 5.0
Larry Wall Perl 5.0 04_04
Larry Wall Perl 5.0 04
Larry Wall Perl 5.0 03
Larry Wall Perl 5.10
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.00
F5 Enterprise Manager 2.2
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Conectiva Linux 10.0
Avaya Predictive Dialing System (PDS) 12.0
Apple Mac OS X Server 10.5.8
Apple Mac OS X 10.5.8
F5 Enterprise Manager 2.3

- Unaffected software versions

F5 Enterprise Manager 2.3

- Discussion

Perl is reported prone to a local race-condition vulnerability. The issue resides in the 'rmtree()' function provided by the 'File::Path.pm' module.

A successful attack may allow an attacker to gain elevated privileges on a vulnerable computer.

UPDATE (December 2, 2008): This issue has been reported in Perl 5.8.8 and 5.10.

- Exploit

Attackers may use common tools to exploit this issue.

- Solution

Updates are available. Please see the references for more information.


Ubuntu Ubuntu Linux 7.10 powerpc

Ubuntu Ubuntu Linux 8.04 LTS powerpc

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu Ubuntu Linux 8.04 LTS sparc

Mandriva Linux Mandrake 2008.0 x86_64

Ubuntu Ubuntu Linux 8.04 LTS amd64

Mandriva Linux Mandrake 2008.0

Ubuntu Ubuntu Linux 7.10 sparc

Mandriva Linux Mandrake 2010.0

Debian Linux 4.0 amd64

Debian Linux 4.0 ia-32

Debian Linux 4.0 hppa

Ubuntu Ubuntu Linux 8.10 sparc

Debian Linux 4.0 mipsel

Ubuntu Ubuntu Linux 8.10 amd64

Debian Linux 4.0 ia-64

Debian Linux 4.0 mips

Debian Linux 4.0 arm

Debian Linux 4.0 powerpc

Ubuntu Ubuntu Linux 8.10 i386
