SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Perl Vendors:   Wall, Larry
Perl DBI::ProxyServer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1013007
SecurityTracker URL:  http://securitytracker.com/id/1013007
CVE Reference:   CVE-2005-0077   (Links to External Site)
Date:  Jan 26 2005
Impact:   Execution of arbitrary code via local system, User access via local system


Description:   A vulnerability was reported in the Perl DBI library in the use of temporary files. A local user may be able to gain elevated privileges.

The 'DBI::ProxyServer' module in the Perl DBI library uses a process ID (PID) file in an unsafe manner. A local user can create a symbolic link (symlink) from a critical file on the system to the PID file used by the library. Then, when a target user invokes an application that uses the module (such as 'dbiproxy'), the symlinked file may be created or overwritten with the privileges of the target user.

The flaws reside in 'dbiproxy.PL' and 'lib/DBI/ProxyServer.pm'.

Javier Fernandez-Sanguino Pena from the Debian Security Audit Project is credited with discovering this flaw.

Impact:   A local user may be able to gain elevated privileges.
Solution:   No solution was available at the time of this entry.
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 26 2005 (Debian Issues Fix) Perl DBI::ProxyServer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
Debian has released a fix.
Feb 2 2005 (Red Hat Issues Fix) Perl DBI::ProxyServer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
Red Hat has released a fix.
Feb 9 2005 (Mandrake Issues Fix) Perl DBI::ProxyServer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
Mandrake has released a fix.
Feb 16 2005 (Red Hat Issues Fix) Perl DBI::ProxyServer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
Red Hat has released a fix.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC