Description
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Product(s):
- Larry Wall Perl 5.8.0
- Larry Wall Perl 5.8.1
- Larry Wall Perl 5.8.3
- Larry Wall Perl 5.8.4.1
- Larry Wall Perl 5.8.4.2.3
- Larry Wall Perl 5.8.4.2
- Larry Wall Perl 5.8.4.3
- Larry Wall Perl 5.8.4.4
- Larry Wall Perl 5.8.4.5
- Larry Wall Perl 5.8.4
- SGI ProPack 3.0
- IBM AIX 5.2
- IBM AIX 5.3
- IBM AIX 5.3 sp6
- Red Hat Enterprise Linux 3.0 Advanced Server Edition
- Red Hat Enterprise Linux 3.0 Enterprise Server Edition
- Red Hat Enterprise Linux 3.0 Workstation Server Edition
- Red Hat Desktop 3.0
- Red Hat Fedora Core Core 3.0
- SuSE SuSE Linux 8.0
- SUSE Linux 8.0 on i386
- SuSE SuSE Linux 8.0 alpha
- SuSE SuSE Linux 8.1
- SuSE SuSE Linux 8.2
- SuSE SuSE Linux 9.0
- Suse Suse Linux 9.0 Enterprise Server Edition
- SUSE Linux 9.0 x86_64
- SuSE SuSE Linux 9.1
- SuSE SuSE Linux 9.2
- Trustix Secure Linux 1.5
- Trustix Secure Linux 2.0
- Trustix Secure Linux 2.1
- Trustix Secure Linux 2.2
- Ubuntu Linux 4.1 on IA64
- Ubuntu Linux 4.1 on PPC
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0156, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0156 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.