Vulnerabilites related to larry_wall - perl
cve-2004-0452
Vulnerability from cvelistv5
Published
2004-12-31 05:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2005:105",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "oval:org.mitre.oval:def:9938",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"
},
{
"name": "RHSA-2005:103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "DSA-620",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"name": "20060101-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12991"
},
{
"name": "20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"name": "USN-44-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/usn-44-1/"
},
{
"name": "GLSA-200501-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name": "12072",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12072"
},
{
"name": "18517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18517"
},
{
"name": "perl-filepathrmtree-insecure-permissions(18650)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18650"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2005:105",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "oval:org.mitre.oval:def:9938",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"
},
{
"name": "RHSA-2005:103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "DSA-620",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"name": "20060101-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12991"
},
{
"name": "20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"name": "USN-44-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://www.ubuntu.com/usn/usn-44-1/"
},
{
"name": "GLSA-200501-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name": "12072",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12072"
},
{
"name": "18517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18517"
},
{
"name": "perl-filepathrmtree-insecure-permissions(18650)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18650"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:105",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "oval:org.mitre.oval:def:9938",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"
},
{
"name": "RHSA-2005:103",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "55314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55314"
},
{
"name": "DSA-620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"name": "20060101-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "FLSA-2006:152845",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12991"
},
{
"name": "20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"name": "USN-44-1",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/usn-44-1/"
},
{
"name": "GLSA-200501-38",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name": "12072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12072"
},
{
"name": "18517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18517"
},
{
"name": "perl-filepathrmtree-insecure-permissions(18650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18650"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0452",
"datePublished": "2004-12-31T05:00:00",
"dateReserved": "2004-05-06T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5116
Vulnerability from cvelistv5
Published
2007-11-07 20:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27479"
},
{
"name": "DSA-1400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1400"
},
{
"name": "HPSBTU02311",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"name": "SSRT080001",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "IZ10244",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244"
},
{
"name": "27936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27936"
},
{
"name": "20071110 FLEA-2007-0063-1 perl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483563/100/0/threaded"
},
{
"name": "28993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28993"
},
{
"name": "IZ10220",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1813"
},
{
"name": "31524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1"
},
{
"name": "USN-552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-552-1"
},
{
"name": "oval:org.mitre.oval:def:10669",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669"
},
{
"name": "1018899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018899"
},
{
"name": "ADV-2008-0641",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0641"
},
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "RHSA-2007:0966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0966.html"
},
{
"name": "29074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29074"
},
{
"name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
},
{
"name": "27548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27548"
},
{
"name": "RHSA-2007:1011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1011.html"
},
{
"name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"name": "27546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27546"
},
{
"name": "GLSA-200711-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml"
},
{
"name": "ADV-2007-3724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3724"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm"
},
{
"name": "OpenPKG-SA-2007.023",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=378131"
},
{
"name": "231524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1"
},
{
"name": "27531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27531"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "27515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27515"
},
{
"name": "27570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27613"
},
{
"name": "28368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28368"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "1018985",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1"
},
{
"name": "MDKSA-2007:207",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:207"
},
{
"name": "ADV-2007-4255",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4255"
},
{
"name": "20071112 FLEA-2007-0069-1 perl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483584/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41"
},
{
"name": "perl-unicode-bo(38270)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://aix.software.ibm.com/aix/efixes/security/README"
},
{
"name": "31208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31208"
},
{
"name": "28387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28387"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
},
{
"name": "ADV-2008-0064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0064"
},
{
"name": "28167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28167"
},
{
"name": "26350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26350"
},
{
"name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27479"
},
{
"name": "DSA-1400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1400"
},
{
"name": "HPSBTU02311",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"name": "SSRT080001",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "IZ10244",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244"
},
{
"name": "27936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27936"
},
{
"name": "20071110 FLEA-2007-0063-1 perl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483563/100/0/threaded"
},
{
"name": "28993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28993"
},
{
"name": "IZ10220",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1813"
},
{
"name": "31524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1"
},
{
"name": "USN-552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-552-1"
},
{
"name": "oval:org.mitre.oval:def:10669",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669"
},
{
"name": "1018899",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018899"
},
{
"name": "ADV-2008-0641",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0641"
},
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27756"
},
{
"name": "RHSA-2007:0966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0966.html"
},
{
"name": "29074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29074"
},
{
"name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
},
{
"name": "27548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27548"
},
{
"name": "RHSA-2007:1011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1011.html"
},
{
"name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"name": "27546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27546"
},
{
"name": "GLSA-200711-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml"
},
{
"name": "ADV-2007-3724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3724"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm"
},
{
"name": "OpenPKG-SA-2007.023",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=378131"
},
{
"name": "231524",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1"
},
{
"name": "27531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27531"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "27515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27515"
},
{
"name": "27570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27613"
},
{
"name": "28368",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28368"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "1018985",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1"
},
{
"name": "MDKSA-2007:207",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:207"
},
{
"name": "ADV-2007-4255",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4255"
},
{
"name": "20071112 FLEA-2007-0069-1 perl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483584/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41"
},
{
"name": "perl-unicode-bo(38270)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://aix.software.ibm.com/aix/efixes/security/README"
},
{
"name": "31208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31208"
},
{
"name": "28387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28387"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
},
{
"name": "ADV-2008-0064",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0064"
},
{
"name": "28167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28167"
},
{
"name": "26350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26350"
},
{
"name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27479"
},
{
"name": "DSA-1400",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1400"
},
{
"name": "HPSBTU02311",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"name": "SSRT080001",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "IZ10244",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244"
},
{
"name": "27936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27936"
},
{
"name": "20071110 FLEA-2007-0063-1 perl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483563/100/0/threaded"
},
{
"name": "28993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28993"
},
{
"name": "IZ10220",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220"
},
{
"name": "https://issues.rpath.com/browse/RPL-1813",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1813"
},
{
"name": "31524",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1"
},
{
"name": "USN-552-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-552-1"
},
{
"name": "oval:org.mitre.oval:def:10669",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669"
},
{
"name": "1018899",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018899"
},
{
"name": "ADV-2008-0641",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0641"
},
{
"name": "27756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27756"
},
{
"name": "RHSA-2007:0966",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0966.html"
},
{
"name": "29074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29074"
},
{
"name": "20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
},
{
"name": "27548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27548"
},
{
"name": "RHSA-2007:1011",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1011.html"
},
{
"name": "[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=323571",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"name": "27546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27546"
},
{
"name": "GLSA-200711-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml"
},
{
"name": "ADV-2007-3724",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3724"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm"
},
{
"name": "OpenPKG-SA-2007.023",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=378131",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=378131"
},
{
"name": "231524",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1"
},
{
"name": "27531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27531"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "27515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27515"
},
{
"name": "27570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27570"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27613"
},
{
"name": "28368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28368"
},
{
"name": "SUSE-SR:2007:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "1018985",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1"
},
{
"name": "MDKSA-2007:207",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:207"
},
{
"name": "ADV-2007-4255",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4255"
},
{
"name": "20071112 FLEA-2007-0069-1 perl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483584/100/0/threaded"
},
{
"name": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41",
"refsource": "CONFIRM",
"url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41"
},
{
"name": "perl-unicode-bo(38270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38270"
},
{
"name": "ftp://aix.software.ibm.com/aix/efixes/security/README",
"refsource": "CONFIRM",
"url": "ftp://aix.software.ibm.com/aix/efixes/security/README"
},
{
"name": "31208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31208"
},
{
"name": "28387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28387"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
},
{
"name": "ADV-2008-0064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0064"
},
{
"name": "28167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28167"
},
{
"name": "26350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26350"
},
{
"name": "20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5116",
"datePublished": "2007-11-07T20:00:00",
"dateReserved": "2007-09-27T00:00:00",
"dateUpdated": "2024-08-07T15:17:28.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0377
Vulnerability from cvelistv5
Published
2004-04-06 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15732 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108118694327979&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://public.activestate.com/cgi-bin/perlbrowse?patch=22552 | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/722414 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities | x_refsource_MISC | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "perl-win32stat-bo(15732)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15732"
},
{
"name": "20040405 [Full-Disclosure] iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108118694327979\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552"
},
{
"name": "VU#722414",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/722414"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=93\u0026type=vulnerabilities"
},
{
"name": "20040405 iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the win32_stat function for (1) ActiveState\u0027s ActivePerl and (2) Larry Wall\u0027s Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "perl-win32stat-bo(15732)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15732"
},
{
"name": "20040405 [Full-Disclosure] iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108118694327979\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552"
},
{
"name": "VU#722414",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/722414"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.idefense.com/application/poi/display?id=93\u0026type=vulnerabilities"
},
{
"name": "20040405 iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the win32_stat function for (1) ActiveState\u0027s ActivePerl and (2) Larry Wall\u0027s Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "perl-win32stat-bo(15732)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15732"
},
{
"name": "20040405 [Full-Disclosure] iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108118694327979\u0026w=2"
},
{
"name": "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552",
"refsource": "CONFIRM",
"url": "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552"
},
{
"name": "VU#722414",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/722414"
},
{
"name": "http://www.idefense.com/application/poi/display?id=93\u0026type=vulnerabilities",
"refsource": "MISC",
"url": "http://www.idefense.com/application/poi/display?id=93\u0026type=vulnerabilities"
},
{
"name": "20040405 iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0377",
"datePublished": "2004-04-06T04:00:00",
"dateReserved": "2004-03-31T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-1386
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-01 17:11
Severity ?
EPSS score ?
Summary
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/rh50-errata-general.html#perl | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=88932165406213&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/7243.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl"
},
{
"name": "19980308 another /tmp race: `perl -e\u0027 opens temp file not safely",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2"
},
{
"name": "perl-e-tmp-symlink(7243)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7243.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1998-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl"
},
{
"name": "19980308 another /tmp race: `perl -e\u0027 opens temp file not safely",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2"
},
{
"name": "perl-e-tmp-symlink(7243)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7243.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl"
},
{
"name": "19980308 another /tmp race: `perl -e\u0027 opens temp file not safely",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2"
},
{
"name": "perl-e-tmp-symlink(7243)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7243.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1386",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:02.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0976
Vulnerability from cvelistv5
Published
2004-10-20 04:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
Summary
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2005-881.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/18075 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.trustix.org/errata/2004/0050 | vendor-advisory, x_refsource_TRUSTIX | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.debian.org/security/2004/dsa-620 | vendor-advisory, x_refsource_DEBIAN | |
| http://fedoranews.org/updates/FEDORA--.shtml | vendor-advisory, x_refsource_FEDORA | |
| http://marc.info/?l=bugtraq&m=110547693019788&w=2 | vendor-advisory, x_refsource_OPENPKG | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:031 | vendor-advisory, x_refsource_MANDRAKE | |
| http://secunia.com/advisories/17661 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/11294 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2005:881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name": "script-temporary-file-overwrite(17583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "18075",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18075"
},
{
"name": "2004-0050",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "oval:org.mitre.oval:def:9752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752"
},
{
"name": "DSA-620",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "OpenPKG-SA-2005.001",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"name": "MDKSA-2005:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"name": "17661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17661"
},
{
"name": "11294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2005:881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name": "script-temporary-file-overwrite(17583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "18075",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18075"
},
{
"name": "2004-0050",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "oval:org.mitre.oval:def:9752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752"
},
{
"name": "DSA-620",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "OpenPKG-SA-2005.001",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"name": "MDKSA-2005:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"name": "17661",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17661"
},
{
"name": "11294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:881",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name": "script-temporary-file-overwrite(17583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "18075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18075"
},
{
"name": "2004-0050",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "oval:org.mitre.oval:def:9752",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752"
},
{
"name": "DSA-620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"name": "FLSA-2006:152845",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "OpenPKG-SA-2005.001",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"name": "MDKSA-2005:031",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"name": "17661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17661"
},
{
"name": "11294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0976",
"datePublished": "2004-10-20T04:00:00",
"dateReserved": "2004-10-19T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4278
Vulnerability from cvelistv5
Published
2005-12-16 11:00
Modified
2024-08-07 23:38
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2005/2119 | vdb-entry, x_refsource_VUPEN | |
| http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/55314 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17232 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/20086 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/15120 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2005-2119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2119"
},
{
"name": "GLSA-200510-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "17232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17232"
},
{
"name": "20086",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20086"
},
{
"name": "15120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2005-2119",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2119"
},
{
"name": "GLSA-200510-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "17232",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17232"
},
{
"name": "20086",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20086"
},
{
"name": "15120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15120"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2119",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2119"
},
{
"name": "GLSA-200510-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"
},
{
"name": "55314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55314"
},
{
"name": "17232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17232"
},
{
"name": "20086",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20086"
},
{
"name": "15120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15120"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4278",
"datePublished": "2005-12-16T11:00:00",
"dateReserved": "2005-12-16T00:00:00",
"dateUpdated": "2024-08-07T23:38:51.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0156
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:24.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050207 DMA[2005-0131b] - \u0027Setuid Perl PERLIO_DEBUG",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=110779721503111\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2005-0131b%5D.txt"
},
{
"name": "12426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12426"
},
{
"name": "RHSA-2005:105",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "14120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14120"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "RHSA-2005:103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "oval:org.mitre.oval:def:10803",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "20050202 [USN-72-1] Perl vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"name": "CLSA-2006:1056",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "MDKSA-2005:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"name": "perl-perliodebug-bo(19208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19208"
},
{
"name": "GLSA-200502-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050207 DMA[2005-0131b] - \u0027Setuid Perl PERLIO_DEBUG",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=110779721503111\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2005-0131b%5D.txt"
},
{
"name": "12426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12426"
},
{
"name": "RHSA-2005:105",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "14120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14120"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "RHSA-2005:103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "oval:org.mitre.oval:def:10803",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "20050202 [USN-72-1] Perl vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"name": "CLSA-2006:1056",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "MDKSA-2005:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"name": "perl-perliodebug-bo(19208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19208"
},
{
"name": "GLSA-200502-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050207 DMA[2005-0131b] - \u0027Setuid Perl PERLIO_DEBUG",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=110779721503111\u0026w=2"
},
{
"name": "http://www.digitalmunition.com/DMA[2005-0131b].txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA[2005-0131b].txt"
},
{
"name": "12426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12426"
},
{
"name": "RHSA-2005:105",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "14120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14120"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "RHSA-2005:103",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "oval:org.mitre.oval:def:10803",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803"
},
{
"name": "55314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55314"
},
{
"name": "20050202 [USN-72-1] Perl vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"name": "CLSA-2006:1056",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"name": "FLSA-2006:152845",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "MDKSA-2005:031",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"name": "perl-perliodebug-bo(19208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19208"
},
{
"name": "GLSA-200502-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0156",
"datePublished": "2005-02-07T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:24.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0900
Vulnerability from cvelistv5
Published
2005-04-14 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:36:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0900",
"datePublished": "2005-04-14T04:00:00",
"dateReserved": "2003-10-29T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2286
Vulnerability from cvelistv5
Published
2005-08-04 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16224 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/10380 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "perl-duplication-bo(16224)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"
},
{
"name": "10380",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10380"
},
{
"name": "20040517 RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "perl-duplication-bo(16224)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"
},
{
"name": "10380",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10380"
},
{
"name": "20040517 RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "perl-duplication-bo(16224)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"
},
{
"name": "10380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10380"
},
{
"name": "20040517 RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2286",
"datePublished": "2005-08-04T04:00:00",
"dateReserved": "2005-08-04T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0155
Vulnerability from cvelistv5
Published
2005-02-07 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:24.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12426"
},
{
"name": "21646",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21646"
},
{
"name": "RHSA-2005:105",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "14120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14120"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "RHSA-2005:103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "perl-perliodebug-file-overwrite(19207)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19207"
},
{
"name": "20050202 [USN-72-1] Perl vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"name": "CLSA-2006:1056",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "oval:org.mitre.oval:def:10404",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404"
},
{
"name": "MDKSA-2005:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"name": "20050207 DMA[2005-0131a] - \u0027Setuid Perl PERLIO_DEBUG root owned file creation\u0027",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=110779723332339\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2005-0131a%5D.txt"
},
{
"name": "GLSA-200502-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12426"
},
{
"name": "21646",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21646"
},
{
"name": "RHSA-2005:105",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "14120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14120"
},
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "RHSA-2005:103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "perl-perliodebug-file-overwrite(19207)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19207"
},
{
"name": "20050202 [USN-72-1] Perl vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"name": "CLSA-2006:1056",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "oval:org.mitre.oval:def:10404",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404"
},
{
"name": "MDKSA-2005:031",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"name": "20050207 DMA[2005-0131a] - \u0027Setuid Perl PERLIO_DEBUG root owned file creation\u0027",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=110779723332339\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2005-0131a%5D.txt"
},
{
"name": "GLSA-200502-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12426"
},
{
"name": "21646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21646"
},
{
"name": "RHSA-2005:105",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "14120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14120"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "RHSA-2005:103",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "perl-perliodebug-file-overwrite(19207)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19207"
},
{
"name": "20050202 [USN-72-1] Perl vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"name": "CLSA-2006:1056",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"name": "FLSA-2006:152845",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "oval:org.mitre.oval:def:10404",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404"
},
{
"name": "MDKSA-2005:031",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"name": "20050207 DMA[2005-0131a] - \u0027Setuid Perl PERLIO_DEBUG root owned file creation\u0027",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=110779723332339\u0026w=2"
},
{
"name": "http://www.digitalmunition.com/DMA[2005-0131a].txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA[2005-0131a].txt"
},
{
"name": "GLSA-200502-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0155",
"datePublished": "2005-02-07T05:00:00",
"dateReserved": "2005-01-27T00:00:00",
"dateUpdated": "2024-08-07T21:05:24.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0448
Vulnerability from cvelistv5
Published
2005-03-12 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-696",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-696"
},
{
"name": "HPSBUX01208",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/8704"
},
{
"name": "RHSA-2005:881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name": "MDKSA-2005:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:079"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "18075",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18075"
},
{
"name": "12767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12767"
},
{
"name": "CLSA-2006:1056",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"name": "oval:org.mitre.oval:def:10475",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475"
},
{
"name": "20060101-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "oval:org.mitre.oval:def:728",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728"
},
{
"name": "GLSA-200501-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name": "18517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18517"
},
{
"name": "RHSA-2005:674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-674.html"
},
{
"name": "17079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17079"
},
{
"name": "14531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14531"
},
{
"name": "USN-94-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/94-1/"
},
{
"name": "SSRT5938",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/8704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-696",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-696"
},
{
"name": "HPSBUX01208",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/advisories/8704"
},
{
"name": "RHSA-2005:881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name": "MDKSA-2005:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:079"
},
{
"name": "55314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55314"
},
{
"name": "18075",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18075"
},
{
"name": "12767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12767"
},
{
"name": "CLSA-2006:1056",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"name": "oval:org.mitre.oval:def:10475",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475"
},
{
"name": "20060101-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "FLSA-2006:152845",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "oval:org.mitre.oval:def:728",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728"
},
{
"name": "GLSA-200501-38",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name": "18517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18517"
},
{
"name": "RHSA-2005:674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-674.html"
},
{
"name": "17079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17079"
},
{
"name": "14531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14531"
},
{
"name": "USN-94-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/94-1/"
},
{
"name": "SSRT5938",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/advisories/8704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-0448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-696",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-696"
},
{
"name": "HPSBUX01208",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/8704"
},
{
"name": "RHSA-2005:881",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name": "MDKSA-2005:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:079"
},
{
"name": "55314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55314"
},
{
"name": "18075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18075"
},
{
"name": "12767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12767"
},
{
"name": "CLSA-2006:1056",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"name": "oval:org.mitre.oval:def:10475",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475"
},
{
"name": "20060101-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "FLSA-2006:152845",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "oval:org.mitre.oval:def:728",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728"
},
{
"name": "GLSA-200501-38",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name": "18517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18517"
},
{
"name": "RHSA-2005:674",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-674.html"
},
{
"name": "17079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17079"
},
{
"name": "14531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14531"
},
{
"name": "USN-94-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/94-1/"
},
{
"name": "SSRT5938",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/8704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-0448",
"datePublished": "2005-03-12T05:00:00",
"dateReserved": "2005-02-16T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0703
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:28
Severity ?
EPSS score ?
Summary
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html | vendor-advisory, x_refsource_TURBO | |
| http://www.securityfocus.com/bid/1547 | vdb-entry, x_refsource_BID | |
| http://www.redhat.com/support/errata/RHSA-2000-048.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt | vendor-advisory, x_refsource_CALDERA | |
| http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.novell.com/linux/security/advisories/suse_security_announce_59.html | vendor-advisory, x_refsource_SUSE | |
| http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TLSA2000018-1",
"tags": [
"vendor-advisory",
"x_refsource_TURBO",
"x_transferred"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html"
},
{
"name": "1547",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1547"
},
{
"name": "RHSA-2000:048",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-048.html"
},
{
"name": "CSSA-2000-026.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA",
"x_transferred"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt"
},
{
"name": "20000808 MDKSA-2000:031 perl update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html"
},
{
"name": "20000814 Trustix Security Advisory - perl and mailx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html"
},
{
"name": "20000805 sperl 5.00503 (and newer ;) exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html"
},
{
"name": "20000810 Security Hole in perl, all versions",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_59.html"
},
{
"name": "20000810 Conectiva Linux security announcemente - PERL",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "suidperl (aka sperl) does not properly cleanse the escape sequence \"~!\" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the \"interactive\" environmental variable and calling suidperl with a filename that contains the escape sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "TLSA2000018-1",
"tags": [
"vendor-advisory",
"x_refsource_TURBO"
],
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html"
},
{
"name": "1547",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1547"
},
{
"name": "RHSA-2000:048",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2000-048.html"
},
{
"name": "CSSA-2000-026.0",
"tags": [
"vendor-advisory",
"x_refsource_CALDERA"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt"
},
{
"name": "20000808 MDKSA-2000:031 perl update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html"
},
{
"name": "20000814 Trustix Security Advisory - perl and mailx",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html"
},
{
"name": "20000805 sperl 5.00503 (and newer ;) exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html"
},
{
"name": "20000810 Security Hole in perl, all versions",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_59.html"
},
{
"name": "20000810 Conectiva Linux security announcemente - PERL",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "suidperl (aka sperl) does not properly cleanse the escape sequence \"~!\" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the \"interactive\" environmental variable and calling suidperl with a filename that contains the escape sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TLSA2000018-1",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html"
},
{
"name": "1547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1547"
},
{
"name": "RHSA-2000:048",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-048.html"
},
{
"name": "CSSA-2000-026.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt"
},
{
"name": "20000808 MDKSA-2000:031 perl update",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html"
},
{
"name": "20000814 Trustix Security Advisory - perl and mailx",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html"
},
{
"name": "20000805 sperl 5.00503 (and newer ;) exploit",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html"
},
{
"name": "20000810 Security Hole in perl, all versions",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_59.html"
},
{
"name": "20000810 Conectiva Linux security announcemente - PERL",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0703",
"datePublished": "2000-10-13T04:00:00",
"dateReserved": "2000-09-19T00:00:00",
"dateUpdated": "2024-08-08T05:28:41.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0034
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:27
Severity ?
EPSS score ?
Summary
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:27:57.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in suidperl (sperl), Perl 4.x and 5.x."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T06:28:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in suidperl (sperl), Perl 4.x and 5.x."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0034",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:27:57.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2004-12-21 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| larry_wall | perl | 5.6.1 | |
| larry_wall | perl | 5.8.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7530A863-0FFF-4332-8E6F-4329AB4DE5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5E5A51-ED4C-4927-8C4D-502E79391E19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack."
}
],
"id": "CVE-2004-0452",
"lastModified": "2024-11-20T23:48:36.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-21T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12991"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18517"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/55314"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12072"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18650"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"
},
{
"source": "cve@mitre.org",
"url": "https://www.ubuntu.com/usn/usn-44-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/55314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.ubuntu.com/usn/usn-44-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-07 23:46
Modified
2024-11-21 00:37
Severity ?
Summary
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*",
"matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*",
"matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*",
"matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*",
"matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*",
"matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*",
"matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s390:*:*:*:*:*",
"matchCriteriaId": "4567FE5A-5061-4741-AA6D-4AB365579F8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19D64247-F0A0-4984-84EA-B63FC901F002",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7AD2F3-451D-4F37-A6F3-DE676804BBA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*",
"matchCriteriaId": "327FEE54-79EC-4B5E-B838-F3C61FCDF48E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*",
"matchCriteriaId": "056C1C15-D110-4309-A9A6-41BD753FE4F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*",
"matchCriteriaId": "08392974-5AC1-4B12-893F-3F733EF05F80",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*",
"matchCriteriaId": "49EF5B77-9BC9-4AE8-A677-48E5E576BE63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*",
"matchCriteriaId": "36389D32-61C1-4487-8399-FA7D2864FACD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*",
"matchCriteriaId": "49B67F74-AF8F-4A27-AA8A-A8479E256A9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:client:*:*:*:*:*",
"matchCriteriaId": "3AA8F2EC-55E9-4529-A816-B5D495605F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*",
"matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
"matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD12BC0-1E50-49C6-AD0D-8CE90F0E8449",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D30E072-9E6A-49B4-A5C7-63A328598A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "434F0580-985F-42AF-BA10-FAB7E2C23ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "18B179E0-C843-46C9-AAD2-78E998175E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5E5A51-ED4C-4927-8C4D-502E79391E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "171C82CB-2E92-4D41-B1B1-DCFE929E8270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25633253-D9DE-41F0-A787-D0E8B2B3B9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDF9611-E4E2-4059-B45E-D3A61AC9DB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49A9D197-D889-4BE4-BE7A-2EE9536A7498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A4538C-3870-431E-A225-D8523D77A4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C8233B3A-E09D-425B-B1A1-65CD170FD384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4E35450A-07C3-40B9-88FA-3ACCA498F019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77FF1412-A7DA-4669-8AE1-5A529AB387FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
"matchCriteriaId": "D342447B-5233-45FD-B1CF-8D84921402AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:1.0:*:application_stack:*:*:*:*:*",
"matchCriteriaId": "BCCA408D-B65C-45F3-80E8-3B8D4ACE047C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el soporte opcode polim\u00f3rfico del Motor de Expresiones Regulares (regcomp.c) en Perl 5.8 permite a atacantes dependientes de contexto ejecutar c\u00f3digo de su elecci\u00f3n cambiando de byte a caracteres Unicode (UTF) en una expresi\u00f3n regular."
}
],
"id": "CVE-2007-5116",
"lastModified": "2024-11-21T00:37:09.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-07T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://aix.software.ibm.com/aix/efixes/security/README"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27479"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27515"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27531"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27546"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27548"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27570"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27613"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27756"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27936"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28167"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28368"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28387"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28993"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29074"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31208"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018899"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1400"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:207"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0966.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1011.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483563/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483584/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26350"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-552-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3724"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4255"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0064"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0641"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=378131"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38270"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1813"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://aix.software.ibm.com/aix/efixes/security/README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=120352263023774\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0966.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483563/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483584/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485936/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/486859/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-552-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=378131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| larry_wall | perl | 5.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "434F0580-985F-42AF-BA10-FAB7E2C23ED0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers."
}
],
"id": "CVE-2003-0900",
"lastModified": "2024-11-20T23:45:45.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| larry_wall | perl | 5.8.0 | |
| larry_wall | perl | 5.8.1 | |
| larry_wall | perl | 5.8.3 | |
| larry_wall | perl | 5.8.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D30E072-9E6A-49B4-A5C7-63A328598A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "434F0580-985F-42AF-BA10-FAB7E2C23ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "18B179E0-C843-46C9-AAD2-78E998175E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5E5A51-ED4C-4927-8C4D-502E79391E19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452."
}
],
"id": "CVE-2005-0448",
"lastModified": "2024-11-20T23:55:08.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "security@debian.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"source": "security@debian.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"source": "security@debian.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/14531"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17079"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/18075"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/18517"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/55314"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-696"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"source": "security@debian.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:079"
},
{
"source": "security@debian.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-674.html"
},
{
"source": "security@debian.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/advisories/8704"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/advisories/8704"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/12767"
},
{
"source": "security@debian.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475"
},
{
"source": "security@debian.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728"
},
{
"source": "security@debian.org",
"url": "https://usn.ubuntu.com/94-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/55314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-674.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/8704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/8704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/94-1/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-16 11:03
Modified
2024-11-21 00:03
Severity ?
Summary
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| larry_wall | perl | * | |
| larry_wall | perl | 5.3 | |
| larry_wall | perl | 5.4 | |
| larry_wall | perl | 5.4.5 | |
| larry_wall | perl | 5.5 | |
| larry_wall | perl | 5.5.3 | |
| larry_wall | perl | 5.6.1 | |
| larry_wall | perl | 5.8.0 | |
| larry_wall | perl | 5.8.1 | |
| larry_wall | perl | 5.8.3 | |
| larry_wall | perl | 5.8.4 | |
| larry_wall | perl | 5.8.4.1 | |
| larry_wall | perl | 5.8.4.2 | |
| larry_wall | perl | 5.8.4.2.3 | |
| larry_wall | perl | 5.8.4.3 | |
| larry_wall | perl | 5.8.4.4 | |
| larry_wall | perl | 5.8.4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5869CF-E0BD-4091-B7AA-7722F39EAF0D",
"versionEndIncluding": "5.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D64BFC-E974-460C-A635-7319676049A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBFF691-770C-4181-BB40-14BD1B90F705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EF5BB8-FFEA-4927-A289-3C9A7ADEC6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB034FE1-9575-45B4-9E8F-1B068E3ED1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D7F3D2-FE93-4F2F-B8FB-F2A7869502FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7530A863-0FFF-4332-8E6F-4329AB4DE5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D30E072-9E6A-49B4-A5C7-63A328598A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "434F0580-985F-42AF-BA10-FAB7E2C23ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "18B179E0-C843-46C9-AAD2-78E998175E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5E5A51-ED4C-4927-8C4D-502E79391E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "171C82CB-2E92-4D41-B1B1-DCFE929E8270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25633253-D9DE-41F0-A787-D0E8B2B3B9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDF9611-E4E2-4059-B45E-D3A61AC9DB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49A9D197-D889-4BE4-BE7A-2EE9536A7498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A4538C-3870-431E-A225-D8523D77A4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C8233B3A-E09D-425B-B1A1-65CD170FD384",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH."
}
],
"id": "CVE-2005-4278",
"lastModified": "2024-11-21T00:03:52.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-16T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17232"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/55314"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20086"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15120"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/55314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2119"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2024-11-20 23:33
Severity ?
Summary
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| larry_wall | perl | 5.4.5 | |
| larry_wall | perl | 5.5 | |
| larry_wall | perl | 5.5.3 | |
| larry_wall | perl | 5.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EF5BB8-FFEA-4927-A289-3C9A7ADEC6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB034FE1-9575-45B4-9E8F-1B068E3ED1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D7F3D2-FE93-4F2F-B8FB-F2A7869502FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6112C9-0E67-47D3-94A7-0D0254ECF27F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "suidperl (aka sperl) does not properly cleanse the escape sequence \"~!\" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the \"interactive\" environmental variable and calling suidperl with a filename that contains the escape sequence."
}
],
"id": "CVE-2000-0703",
"lastModified": "2024-11-20T23:33:06.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_59.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2000-048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1547"
},
{
"source": "cve@mitre.org",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_59.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2000-048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-07 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| larry_wall | perl | 5.8.0 | |
| larry_wall | perl | 5.8.1 | |
| larry_wall | perl | 5.8.3 | |
| larry_wall | perl | 5.8.4 | |
| larry_wall | perl | 5.8.4.1 | |
| larry_wall | perl | 5.8.4.2 | |
| larry_wall | perl | 5.8.4.2.3 | |
| larry_wall | perl | 5.8.4.3 | |
| larry_wall | perl | 5.8.4.4 | |
| larry_wall | perl | 5.8.4.5 | |
| sgi | propack | 3.0 | |
| ibm | aix | 5.2 | |
| ibm | aix | 5.3 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux_desktop | 3.0 | |
| redhat | fedora_core | core_3.0 | |
| suse | suse_linux | 8.0 | |
| suse | suse_linux | 8.0 | |
| suse | suse_linux | 8.1 | |
| suse | suse_linux | 8.2 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 9.0 | |
| suse | suse_linux | 9.1 | |
| suse | suse_linux | 9.2 | |
| trustix | secure_linux | 1.5 | |
| trustix | secure_linux | 2.0 | |
| trustix | secure_linux | 2.1 | |
| trustix | secure_linux | 2.2 | |
| ubuntu | ubuntu_linux | 4.1 | |
| ubuntu | ubuntu_linux | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D30E072-9E6A-49B4-A5C7-63A328598A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "434F0580-985F-42AF-BA10-FAB7E2C23ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "18B179E0-C843-46C9-AAD2-78E998175E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5E5A51-ED4C-4927-8C4D-502E79391E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "171C82CB-2E92-4D41-B1B1-DCFE929E8270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25633253-D9DE-41F0-A787-D0E8B2B3B9F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDF9611-E4E2-4059-B45E-D3A61AC9DB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49A9D197-D889-4BE4-BE7A-2EE9536A7498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A4538C-3870-431E-A225-D8523D77A4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C8233B3A-E09D-425B-B1A1-65CD170FD384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
"matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
"matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28CD54FE-D682-4063-B7C3-8B29B26B39AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*",
"matchCriteriaId": "37F124FE-15F1-49D7-9E03-8E036CE1A20C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C55338-3372-413F-82E3-E1B476D6F41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EFB33BF-F6A5-48C1-AEB5-194FCBCFC958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "56EF103F-5668-4754-A83B-D3662D0CE815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB70F82-52BB-4D0D-9A24-9AF67278466D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree."
}
],
"id": "CVE-2005-0156",
"lastModified": "2024-11-20T23:54:32.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=110779721503111\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/14120"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/55314"
},
{
"source": "cve@mitre.org",
"url": "http://www.digitalmunition.com/DMA%5B2005-0131b%5D.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12426"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19208"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=110779721503111\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/55314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalmunition.com/DMA%5B2005-0131b%5D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1997-05-29 04:00
Modified
2024-11-20 23:27
Severity ?
Summary
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D64BFC-E974-460C-A635-7319676049A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:freeware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7970668-A80C-461D-A779-A8A6880D319B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:freeware:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D6C767-472A-4C09-B06F-C73537E764DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:bsdi:bsd_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "766851E2-134A-4A89-931B-6F1753525684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:bsdi:bsd_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99235B00-0050-42BF-99EF-FCDD72D8627D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9092D88-585D-4A0C-B181-E8D93563C74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8211154-6685-4FF0-B3ED-43A5E5763A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F299301C-6BFC-436C-9CFD-2E291D3702AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in suidperl (sperl), Perl 4.x and 5.x."
}
],
"id": "CVE-1999-0034",
"lastModified": "2024-11-20T23:27:40.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1997-05-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-09 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| larry_wall | perl | 5.6 | |
| larry_wall | perl | 5.6.1 | |
| larry_wall | perl | 5.8.0 | |
| larry_wall | perl | 5.8.1 | |
| larry_wall | perl | 5.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6112C9-0E67-47D3-94A7-0D0254ECF27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7530A863-0FFF-4332-8E6F-4329AB4DE5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D30E072-9E6A-49B4-A5C7-63A328598A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "434F0580-985F-42AF-BA10-FAB7E2C23ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "18B179E0-C843-46C9-AAD2-78E998175E41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
}
],
"id": "CVE-2004-0976",
"lastModified": "2024-11-20T23:49:48.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17661"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18075"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11294"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110547693019788\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140058\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-05-04 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| activestate | activeperl | * | |
| larry_wall | perl | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:activestate:activeperl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86BADAC0-8A7B-4348-A78C-BAAFD8A784FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6851ACEC-141C-40B2-B6E1-CD52D979CE37",
"versionEndIncluding": "5.8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the win32_stat function for (1) ActiveState\u0027s ActivePerl and (2) Larry Wall\u0027s Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n win32_stat de \r\n\r\nActivePerl de ActiveState, y \r\nPerl de Larry Wall anterior a 5.8.3\r\n\r\npermite a atacantes remotos ejecutar comandos arbitrarios mediante nombres de fichero que terminan en un car\u00e1cter \"\" (barra invertida)."
}
],
"id": "CVE-2004-0377",
"lastModified": "2024-11-20T23:48:27.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-05-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108118694327979\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552"
},
{
"source": "cve@mitre.org",
"url": "http://www.idefense.com/application/poi/display?id=93\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/722414"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108118694327979\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.idefense.com/application/poi/display?id=93\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/722414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15732"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| activestate | activeperl | 5.6.1 | |
| activestate | activeperl | 5.6.1.630 | |
| activestate | activeperl | 5.6.2 | |
| activestate | activeperl | 5.6.3 | |
| activestate | activeperl | 5.7.1 | |
| activestate | activeperl | 5.7.2 | |
| activestate | activeperl | 5.7.3 | |
| activestate | activeperl | 5.8 | |
| activestate | activeperl | 5.8.1 | |
| activestate | activeperl | 5.8.3 | |
| larry_wall | perl | 5.3 | |
| larry_wall | perl | 5.4 | |
| larry_wall | perl | 5.4.5 | |
| larry_wall | perl | 5.5 | |
| larry_wall | perl | 5.5.3 | |
| larry_wall | perl | 5.6 | |
| larry_wall | perl | 5.6.1 | |
| larry_wall | perl | 5.8.0 | |
| larry_wall | perl | 5.8.1 | |
| larry_wall | perl | 5.8.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "946C2AD2-EAEE-473E-9A3C-827FA3D89D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.6.1.630:*:*:*:*:*:*:*",
"matchCriteriaId": "4921CDAF-E4D5-4AED-8FD9-1E506105A5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1DA7BF-DAB4-47F9-BE5B-808E8FFFC83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B92CD6-8E90-4737-B5E3-1AA61A030809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA00BED-7C68-4BEA-93CE-8A064F4A8624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB52D21C-3164-40E3-80CC-3DE2F351CBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "658D6331-3F95-4D93-A244-4AD60B109CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "20B2F92E-AE6D-4C99-8835-798D52121D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0C48FF-44CF-4F62-BC1E-D8C6AE6A774E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:activestate:activeperl:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AE970B5C-AB40-46B8-A03C-C5597C06A438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D64BFC-E974-460C-A635-7319676049A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBFF691-770C-4181-BB40-14BD1B90F705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C7EF5BB8-FFEA-4927-A289-3C9A7ADEC6BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB034FE1-9575-45B4-9E8F-1B068E3ED1CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D7F3D2-FE93-4F2F-B8FB-F2A7869502FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6112C9-0E67-47D3-94A7-0D0254ECF27F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7530A863-0FFF-4332-8E6F-4329AB4DE5FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D30E072-9E6A-49B4-A5C7-63A328598A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "434F0580-985F-42AF-BA10-FAB7E2C23ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "18B179E0-C843-46C9-AAD2-78E998175E41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow."
}
],
"id": "CVE-2004-2286",
"lastModified": "2024-11-20T23:52:57.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10380"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| larry_wall | perl | 5.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D30E072-9E6A-49B4-A5C7-63A328598A68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable."
}
],
"id": "CVE-2005-0155",
"lastModified": "2024-11-20T23:54:32.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=110779723332339\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/14120"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21646"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.digitalmunition.com/DMA%5B2005-0131a%5D.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12426"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19207"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110737149402683\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=110779723332339\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalmunition.com/DMA%5B2005-0131a%5D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}