Pardus: Perl Symlink Attack
Posted by Bill Keys
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-89            security@pardus.org.tr
------------------------------------------------------------------------
     Date: 2008-12-24
 Severity: 3
     Type: Remote
------------------------------------------------------------------------

Summary
=======

Race condition in the rmtree function in File::Path 1.08 and 2.07
(lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create
arbitrary setuid binaries via a symlink attack.


Description
===========

NOTE: this is a regression of the issue tracked as CVE-2005-0448. It is
distinct from CVE-2008-5303, which covers a different set of affected
versions.
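The advisory gives no code, so the following is an added illustration of the mitigation for this class of bug, written for this page; it is not code from the Pardus advisory or from File::Path itself. The generic pattern behind a "symlink attack" on a recursive remover is a check-then-act gap: an entry is inspected, then a permission change or removal is applied to its path, and a symlink substituted in between redirects that action elsewhere. Whether that is exactly how the File::Path defect arose is not stated on this page and is not claimed here. The routine below avoids the pattern by using lstat() for every entry, never calling chmod() on a path, and relaxing the mode of an unwritable directory only through an open handle (fchmod) after confirming by dev/inode that the handle refers to the directory that was checked. It assumes Linux and Perl 5.8.8 or later (chmod on filehandles); the temporary tree it builds is constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added illustration, not code from the Pardus advisory or from File::Path.
# A symlink-aware recursive delete that closes the generic check-then-act
# hole behind symlink races in tree removal: it never changes permissions
# through a *path* that might have become a symlink since it was checked.
# Assumes Linux and Perl 5.8.8 or later (chmod on filehandles).
use strict;
use warnings;
use Fcntl qw(:mode O_RDONLY O_DIRECTORY O_NOFOLLOW);

# Remove $path and everything below it. Returns the number of entries
# removed; dies on the first thing it refuses to touch.
sub remove_tree_safely {
    my ($path) = @_;

    my @st = lstat($path);          # lstat: a symlink is reported as a link
    die "cannot lstat $path: $!\n" unless @st;
    my ($dev, $ino, $mode) = @st[0, 1, 2];

    # Not a real directory (regular file, symlink, device, ...): unlink it.
    # unlink() removes the link itself and never follows it, and no chmod is
    # needed: on POSIX the right to unlink comes from the parent directory's
    # write bit, not from the entry's own mode bits.
    unless (S_ISDIR($mode)) {
        unlink($path) or die "cannot unlink $path: $!\n";
        return 1;
    }

    # A directory we cannot read, write and traverse has to be relaxed first.
    # Open it with O_NOFOLLOW|O_DIRECTORY so the open fails if the name now
    # points at a symlink or a non-directory, confirm via fstat that the open
    # object is the one we lstat'ed, and chmod the handle (fchmod) rather
    # than the path.
    if (($mode & 0700) != 0700) {
        sysopen(my $fh, $path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW)
            or die "cannot open directory $path: $!\n";
        my @fst = stat($fh);
        die "$path changed underneath us, refusing to continue\n"
            unless @fst && $fst[0] == $dev && $fst[1] == $ino && S_ISDIR($fst[2]);
        chmod(($mode & 07777) | 0700, $fh)
            or die "cannot chmod $path: $!\n";
        close($fh);
    }

    opendir(my $dh, $path) or die "cannot opendir $path: $!\n";
    my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dh);
    closedir($dh);

    my $removed = 0;
    $removed += remove_tree_safely("$path/$_") for @entries;

    rmdir($path) or die "cannot rmdir $path: $!\n";
    return $removed + 1;
}

# Demonstration on a constructed temporary tree: a file, a symlink that
# points outside the tree, and a directory deliberately made unwritable.
if (!caller) {
    require File::Temp;
    my $top = File::Temp::tempdir();
    mkdir "$top/sub" or die "mkdir: $!\n";
    open(my $f, '>', "$top/sub/file") or die "open: $!\n";
    close $f;
    symlink('/etc/hostname', "$top/sub/outside") or die "symlink: $!\n";
    chmod 0500, "$top/sub";        # owner may read and traverse, not write
    my $n = remove_tree_safely($top);
    print "removed $n entries; tree gone: ", (-e $top ? "no" : "yes"), "\n";
    # /etc/hostname is untouched: the link was unlinked, never followed.
}
```

Two limits worth knowing. If a directory is not even readable and the caller is not root, the O_RDONLY open fails and the routine stops instead of guessing, which is the safe outcome. And because each level is re-resolved by path (opendir, then "$path/$_"), a directory swapped for a symlink between two of those steps is still a race that core Perl cannot close without the *at()-family system calls; the routine removes the chmod-through-a-path hole, while the complete remedy for the advisory's bug remains the package update in the Resolution section.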


Affected packages:

 Pardus 2008:
   perl-doc, all before 5.10.0-21-5
   perl, all before 5.10.0-21-5

 Pardus 2007:
   perl-doc, all before 5.8.8-19-12
   perl, all before 5.8.8-19-12
   libperl, all before 5.8.8-19-12


Resolution
==========

There are updates for perl-doc, perl and libperl. You can update them via
Package Manager or with a single command from the console:

 Pardus 2008:
   pisi up perl-doc perl

 Pardus 2007:
   pisi up perl-doc perl libperl


References
==========

 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5302
 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5303
 * http://bugs.pardus.org.tr/show_bug.cgi?id=8773

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr


_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security