oss-sec mailing list archives

Re: CVE Request - cups, dovecot-managesieve, perl, wireshark


From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Mon, 1 Dec 2008 02:23:21 +0300

Me again.

Mon, Dec 01, 2008 at 12:52:18AM +0300, Eygene Ryabinkin wrote:

Fri, Nov 28, 2008 at 04:29:10PM +0100, Jan Lieskovsky wrote:
One point yet -- this is a perl-5.8.8-1+ specific issue (different than
CVE-2004-0452, CVE-2005-0448 and even different than the recently fixed
CVE-2008-2827). It seems that upstream forgot to apply the fix for
CVE-2005-0448 to 5.8 perl after the rebase. This newly reported issue is
already fixed in perl-5.10.

CVE-2008-2827 affects only perl-5.10 (and it already applies an additional
fix to CVE-2005-0448, which has been properly applied in perl-5.10).

By the way, I had glanced over perl from 5.8.0 to 5.8.4 (the latter was
said to be not vulnerable in CVE-2005-0448).  But since it misses
'if $force_writeable' on the second 'chmod', it should be vulnerable to
the 'setuid' issue too.  And since there are no checks for
inode/mountpoint device changes for the directory rmtree is called for,
I assume that it is vulnerable to the deletion issue too.

Any comments?
-- 
Eygene
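
The two checks the message refers to, a chmod applied only when the caller asks for it and a device/inode comparison on the directory being entered, are shown below in a recursive delete. This is an added example in Python, not code from the thread or from Perl's File::Path; the names `remove_tree`, `enter_checked` and `DirectoryChanged` are hypothetical, and the tree built in `demo()` is constructed sample input.

```python
import os
import stat
import tempfile

class DirectoryChanged(Exception):
    """The path no longer names the directory that lstat() examined."""

def enter_checked(name, expected):
    """chdir into name, then confirm '.' has the (st_dev, st_ino) seen earlier."""
    os.chdir(name)
    here = os.stat(".")
    if (here.st_dev, here.st_ino) != expected:
        raise DirectoryChanged(name)

def _remove(name, force_writeable):
    st = os.lstat(name)                      # lstat: never follow a symlink
    if not stat.S_ISDIR(st.st_mode):
        os.unlink(name)                      # removes the link, not its target
        return
    parent = os.stat(".")
    enter_checked(name, (st.st_dev, st.st_ino))
    if force_writeable:                      # chmod only on request, and only
        os.chmod(".", stat.S_IMODE(st.st_mode) | 0o700)  # on the verified dir
    for child in os.listdir("."):
        _remove(child, force_writeable)
    os.chdir("..")
    back = os.stat(".")                      # the way back is verified as well
    if (back.st_dev, back.st_ino) != (parent.st_dev, parent.st_ino):
        raise DirectoryChanged("..")
    os.rmdir(name)

def remove_tree(path, force_writeable=False):
    """Remove path recursively; the caller's working directory is restored."""
    start = os.getcwd()
    parent, name = os.path.split(os.path.abspath(path))
    try:
        os.chdir(parent)
        _remove(name, force_writeable)
    finally:
        os.chdir(start)

def demo():
    """Constructed tree: a symlink inside it points at a file that must survive."""
    base = os.path.realpath(tempfile.mkdtemp())
    keep = os.path.join(base, "keep.txt")
    open(keep, "w").close()
    tree = os.path.join(base, "tree")
    os.makedirs(os.path.join(tree, "sub"))
    os.symlink(keep, os.path.join(tree, "sub", "link"))
    remove_tree(tree, force_writeable=True)
    return os.path.exists(tree), os.path.exists(keep)
```
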

