SecurityTracker.com
Category:   Application (Generic)  >   Perl
Vendors:   Wall, Larry
(Oracle Issues Fix for Solaris) Perl File::Path.pm rmtree() Race Condition May Let Local Users Create Privileged Binaries
SecurityTracker Alert ID:  1029131
SecurityTracker URL:  http://securitytracker.com/id/1029131
CVE Reference:   CVE-2005-0448
Date:  Oct 4 2013
Impact:   Modification of system information, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 5.8.4
Description:   In March 2005, a vulnerability was reported in the rmtree() function in File::Path.pm. A local user may be able to create set user id (setuid) binaries in certain cases.

A local user can exploit a race condition to create setuid binaries in a directory tree while a root-level user is deleting that tree. The user must have write permissions in that directory tree to exploit this flaw.

Paul Szabo discovered this vulnerability.

Impact:   A local user can create setuid binaries in certain cases.
Solution:   Oracle has issued a fix for Solaris.

The Oracle advisory is available at:

http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_perl_5

Cause:   Access control error, State error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  10, 11.1

Message History:   This archive entry is a follow-up to the message listed below.
Jun 16 2005 Perl File::Path.pm rmtree() Race Condition May Let Local Users Create Privileged Binaries




Copyright 2019, SecurityGlobal.net LLC