FreeBSD Ports: Perl Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades.

Insight

The following package is affected: perl CVE-2005-0155 The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. CVE-2005-0156 Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

Severity

Classification

CVE CVE-2005-0155, CVE-2005-0156

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: clamav
FreeBSD Ports: bind
FreeBSD Ports: acroread4, acroread5
FreeBSD Ports: apache
FreeBSD Ports: asterisk

FreeBSD Ports: perl

Take action and discover your vulnerabilities