Debian Security Advisory DSA 658-1 (libdbi-perl) Network Vulnerability

Summary

The remote host is missing an update to libdbi-perl announced via advisory DSA 658-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20658-1

Insight

Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a tmporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library. For the stable distribution (woody) this problem has been fixed in version 1.21-2woody2. For the unstable distribution (sid) this problem has been fixed in version 1.46-6. We recommend that you upgrade your libdbi-perl package.

Severity

Classification

CVE CVE-2005-0077

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1013-1 (snmptrapfmt)
Debian Security Advisory DSA 2149-1 (dbus)
Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)
Debian Security Advisory DSA 1047-1 (resmgr)
Debian Security Advisory DSA 1314-1 (open-iscsi)

Take action and discover your vulnerabilities