ID CVE-2005-0077
Summary The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:3.0:*:woody:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.0:*:woody:*:*:*:*:*
  • cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
    cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 19-10-2018 - 15:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
oval via4
accepted 2013-04-29T04:06:39.204-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
family unix
id oval:org.mitre.oval:def:10552
status accepted
submitted 2010-07-09T03:56:16-04:00
title arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
version 22
redhat via4
advisories
rhsa
id RHSA-2005:072
refmap via4
bid 12360
bugtraq 20050125 [USN-70-1] Perl DBI module vulnerability
debian DSA-658
fedora FLSA-2006:178989
gentoo GLSA-200501-38
mandrake MDKSA-2005:030
sectrack 1013007
secunia
  • 14015
  • 14050
xf dbi-library-file-overwrite(19068)
Last major update 19-10-2018 - 15:31
Published 02-05-2005 - 04:00
Back to Top