Turbolinux Local Security Tests : Turbolinux TLSA-2005-35 (perl)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52851

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2005-35 (perl)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to perl
announced via advisory TLSA-2005-35.

Perl is a high-level programming language with roots in C, sed, awk
and shell scripting. Perl is good at handling processes and files,
and is especially good at handling text.

A vulnerability in the manner in which perl handles temporary files
could allow local users to overwrite arbitrary files via a symlink attack.

This vulerability could allow attackers to overwrite arbitrary files
via a symbolic link attack.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-35

Risk factor : Medium

CVSS Score:
2.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0452
BugTraq ID: 12072
http://www.securityfocus.com/bid/12072
Bugtraq: 20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl) (Google Search)
http://marc.info/?l=bugtraq&m=110547693019788&w=2
Debian Security Information: DSA-620 (Google Search)
http://www.debian.org/security/2004/dsa-620
http://fedoranews.org/updates/FEDORA--.shtml
http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938
http://www.redhat.com/support/errata/RHSA-2005-103.html
http://www.redhat.com/support/errata/RHSA-2005-105.html
http://secunia.com/advisories/12991
http://secunia.com/advisories/18517
http://secunia.com/advisories/55314
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
https://www.ubuntu.com/usn/usn-44-1/
XForce ISS Database: perl-filepathrmtree-insecure-permissions(18650)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18650
Common Vulnerability Exposure (CVE) ID: CVE-2004-0976
BugTraq ID: 11294
http://www.securityfocus.com/bid/11294
http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752
http://www.redhat.com/support/errata/RHSA-2005-881.html
http://secunia.com/advisories/17661
http://secunia.com/advisories/18075
http://www.trustix.org/errata/2004/0050
XForce ISS Database: script-temporary-file-overwrite(17583)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52851
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2005-35 (perl)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to perl announced via advisory TLSA-2005-35. Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. A vulnerability in the manner in which perl handles temporary files could allow local users to overwrite arbitrary files via a symlink attack. This vulerability could allow attackers to overwrite arbitrary files via a symbolic link attack. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-35 Risk factor : Medium CVSS Score: 2.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0452 BugTraq ID: 12072 http://www.securityfocus.com/bid/12072 Bugtraq: 20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl) (Google Search) http://marc.info/?l=bugtraq&m=110547693019788&w=2 Debian Security Information: DSA-620 (Google Search) http://www.debian.org/security/2004/dsa-620 http://fedoranews.org/updates/FEDORA--.shtml http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938 http://www.redhat.com/support/errata/RHSA-2005-103.html http://www.redhat.com/support/errata/RHSA-2005-105.html http://secunia.com/advisories/12991 http://secunia.com/advisories/18517 http://secunia.com/advisories/55314 SGI Security Advisory: 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U https://www.ubuntu.com/usn/usn-44-1/ XForce ISS Database: perl-filepathrmtree-insecure-permissions(18650) https://exchange.xforce.ibmcloud.com/vulnerabilities/18650 Common Vulnerability Exposure (CVE) ID: CVE-2004-0976 BugTraq ID: 11294 http://www.securityfocus.com/bid/11294 http://www.mandriva.com/security/advisories?name=MDKSA-2005:031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752 http://www.redhat.com/support/errata/RHSA-2005-881.html http://secunia.com/advisories/17661 http://secunia.com/advisories/18075 http://www.trustix.org/errata/2004/0050 XForce ISS Database: script-temporary-file-overwrite(17583) https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com