oss-sec mailing list archives
Re: CVE Request - cups, dovecot-managesieve, perl, wireshark
From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Mon, 1 Dec 2008 02:23:21 +0300
Me again. Mon, Dec 01, 2008 at 12:52:18AM +0300, Eygene Ryabinkin wrote:
Fri, Nov 28, 2008 at 04:29:10PM +0100, Jan Lieskovsky wrote:One point yet -- this is perl-5.8.8-1+ specific issue (different than CVE-2004-0452, CVE-2005-0448 and even different than recently fixed CVE-2008-2827). Seems that upstream forgot to apply the fix for CVE-2005-0448 to 5.8 perl after rebase. This newly reported issue already fixed in perl-5.10. CVE-2008-2827 affects only perl-5.10 (and it already applies additional fix to CVE-2005-0448, which has been properly applied in perl-5.10).
By the way, I had glanced over perl from 5.8.0 to 5.8.4 (the latter were said to be not vulnerable in the CVE-2005-0448). But since it misses 'if $force_writeable' on the second 'chmod', it should be vulnerable to the 'setuid' issue too. And since there are no checks for inode/mountpoint device changes for the directory, rmtree is called for, I assume that it is vulnerable to the deletion issue too. Any comments? -- Eygene
Current thread:
- CVE Request - cups, dovecot-managesieve, perl, wireshark Jan Lieskovsky (Nov 28)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Jan Lieskovsky (Nov 28)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Eygene Ryabinkin (Nov 30)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Eygene Ryabinkin (Nov 30)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Steven M. Christey (Dec 01)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Eygene Ryabinkin (Dec 02)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Eygene Ryabinkin (Nov 30)
- Re: CVE Request - cups, dovecot-managesieve, perl, wireshark Jan Lieskovsky (Nov 28)