Summary
The remote host is missing an update to perl
announced via advisory DSA 620-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20620-1
Insight
Several vulnerabilities have been discovered in Perl, the popular scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2004-0452
Jeroen van Wolffelaar discovered that the rmtree() function in the File::Path module removes directory trees in an insecure manner which could lead to the removal of arbitrary files and directories through a symlink attack.
CVE-2004-0976
Trustix developers discovered several insecure uses of temporary files in many modules which allow a local attacker to overwrite files via a symlink attack.
For the stable distribution (woody) these problems have been fixed in version 5.6.1-8.8.
For the unstable distribution (sid) these problems have been fixed in version 5.8.4-5.
We recommend that you upgrade your perl packages.
Severity
Classification
-
CVE CVE-2004-0452, CVE-2004-0976 -
CVSS Base Score: 2.6
AV:L/AC:H/Au:N/C:N/I:P/A:P
Related Vulnerabilities