CVE-2005-0156

Published: 07/02/2005 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

Vulnerable Product

larry wall perl 5.8.0

sgi propack 3.0

larry wall perl 5.8.4.2

larry wall perl 5.8.4

larry wall perl 5.8.4.5

larry wall perl 5.8.4.3

larry wall perl 5.8.4.2.3

larry wall perl 5.8.1

larry wall perl 5.8.4.1

larry wall perl 5.8.4.4

larry wall perl 5.8.3

trustix secure linux 2.0

suse suse linux 9.2

redhat enterprise linux desktop 3.0

suse suse linux 9.0

ubuntu ubuntu linux 4.1

suse suse linux 8.2

redhat enterprise linux 3.0

ibm aix 5.3

suse suse linux 8.0

ibm aix 5.2

trustix secure linux 1.5

suse suse linux 9.1

trustix secure linux 2.1

trustix secure linux 2.2

redhat fedora core core_3.0

suse suse linux 8.1

Vendor Advisories

Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered. The package “perl-suid” provides a wrapper around perl which allows the use of setuid-root perl scripts, i.e. user-callable Perl scripts which have full root privileges ...
Synopsis: perl security update. Type/Severity: Security Advisory: Important. Topic: Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Description ...
Synopsis: perl security update. Type/Severity: Security Advisory: Important. Topic: Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 3. Description: Perl is a high-level programming language commonly used for system administration utilities and W ...

Exploits

/* * Copyright Kevin Finisterre * * Setuid perl PerlIO_Debug() overflow * * Tested on Debian 31 perl-suid 584-5 * * (11:07:20) *corezion:* who is tha man with tha masta plan? * (11:07:36) *corezion:* a nigga with a buffer overrun * (11:07:39) *corezion:* heh * (of course that is to the tune of wwwazlyricscom/lyrics/drdre/nigg ...