ID CVE-2004-0976
Summary Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allow local users to overwrite files via a symlink attack on temporary files.
Vulnerable Configurations
  • cpe:2.3:a:larry_wall:perl:5.6
  • cpe:2.3:a:larry_wall:perl:5.6.1
  • cpe:2.3:a:larry_wall:perl:5.8.0
  • cpe:2.3:a:larry_wall:perl:5.8.1
  • cpe:2.3:a:larry_wall:perl:5.8.3
CVSS
Base: 2.1 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability NONE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200412-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-200412-04 (Perl: Insecure temporary file creation) Some Perl modules create temporary files in world-writable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When a Perl script is executed, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 15921
    published 2004-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15921
    title GLSA-200412-04 : Perl: Insecure temporary file creation
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-620.NASL
    description Several vulnerabilities have been discovered in Perl, the popular scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0452 Jeroen van Wolffelaar discovered that the rmtree() function in the File::Path module removes directory trees in an insecure manner which could lead to the removal of arbitrary files and directories through a symlink attack. - CAN-2004-0976 Trustix developers discovered several insecure uses of temporary files in many modules which allow a local attacker to overwrite files via a symlink attack.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 16073
    published 2005-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16073
    title Debian DSA-620-1 : perl - insecure temporary files / directories
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-031.NASL
    description Jeroen van Wolffelaar discovered that the rmtree() function in the perl File::Path module would remove directories in an insecure manner which could lead to the removal of arbitrary files and directories via a symlink attack (CVE-2004-0452). Trustix developers discovered several insecure uses of temporary files in many modules which could allow a local attacker to overwrite files via symlink attacks (CVE-2004-0976). 'KF' discovered two vulnerabilities involving setuid-enabled perl scripts. By setting the PERLIO_DEBUG environment variable and calling an arbitrary setuid-root perl script, an attacker could overwrite arbitrary files with perl debug messages (CVE-2005-0155). As well, calling a setuid-root perl script with a very long path would cause a buffer overflow if PERLIO_DEBUG was set, which could be exploited to execute arbitrary files with root privileges (CVE-2005-0156). The provided packages have been patched to resolve these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 16360
    published 2005-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16360
    title Mandrake Linux Security Advisory : perl (MDKSA-2005:031)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-881.NASL
    description Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl's format string processor. It is possible for an attacker to cause perl to crash or execute arbitrary code if the attacker is able to process a malicious format string. This issue is only exploitable through a script which passes arbitrary untrusted strings to the format string processor. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3962 to this issue. Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module removed directory trees. If a local user has write permissions to a subdirectory within the tree being removed by File::Path::rmtree, it is possible for them to create setuid binary files. (CVE-2005-0448) Solar Designer discovered several temporary file bugs in various Perl modules. A local attacker could overwrite or create files as the user running a Perl script that uses a vulnerable module. (CVE-2004-0976) Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues as well as fixes for several bugs.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20367
    published 2005-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20367
    title RHEL 3 : perl (RHSA-2005:881)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-881.NASL
    description Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl's format string processor. It is possible for an attacker to cause perl to crash or execute arbitrary code if the attacker is able to process a malicious format string. This issue is only exploitable through a script which passes arbitrary untrusted strings to the format string processor. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3962 to this issue. Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module removed directory trees. If a local user has write permissions to a subdirectory within the tree being removed by File::Path::rmtree, it is possible for them to create setuid binary files. (CVE-2005-0448) Solar Designer discovered several temporary file bugs in various Perl modules. A local attacker could overwrite or create files as the user running a Perl script that uses a vulnerable module. (CVE-2004-0976) Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues as well as fixes for several bugs.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21877
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21877
    title CentOS 3 : perl (CESA-2005:881)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-16-1.NASL
    description Recently, Trustix Secure Linux discovered some vulnerabilities in the perl package. The utility 'instmodsh', the Perl package 'PPPort.pm', and several test scripts (which are not shipped and only used during build) created temporary files in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program, or building the perl package, respectively. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20564
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20564
    title Ubuntu 4.10 : perl vulnerabilities (USN-16-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-1116.NASL
    description Fixes security vulnerabilities: CVE-2005-3962: http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2 CVE-2005-3912: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912 CVE-2005-0452: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452 CVE-2004-0976: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20258
    published 2005-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20258
    title Fedora Core 3 : perl-5.8.5-18.FC3 (2005-1116)
oval via4
accepted 2013-04-29T04:21:52.119-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allow local users to overwrite files via a symlink attack on temporary files.
family unix
id oval:org.mitre.oval:def:9752
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
version 23
redhat via4
advisories
rhsa
id RHSA-2005:881
refmap via4
bid 11294
debian DSA-620
fedora FLSA-2006:152845
mandrake MDKSA-2005:031
openpkg OpenPKG-SA-2005.001
secunia
  • 17661
  • 18075
trustix 2004-0050
xf script-temporary-file-overwrite(17583)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140058 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 17-10-2016 - 22:50
Published 09-02-2005 - 00:00
Last modified 10-10-2017 - 21:29