Bugtraq mailing list archives
[linux-security] Re: SECURITY: vulnerability in sperl
From: aleph1 () DFW NET (Aleph One)
Date: Sat, 19 Apr 1997 21:10:37 -0500
At 10:15 AM 4/18/97 -0400, Erik Troan wrote:
Red Hat Software has been notified of a critical security problem (a buffer overrun) in /usr/bin/sperl*. As no official fix for this problem exists, we recommend turning off the setuid bit on /usr/bin/sperl*. As far as we know, this problem affects all platforms and all versions. As soon as a fix is available we will release a new version of the perl package and announce it here. If no fix seems forthcoming, we will issue a new package w/o the setuid bit enabled on /usr/sbin/sperl.
A patch for 5.003_97f has appeared on the Perl5-Porters list. The entire codebase is being examined line by line to find any other such conditions.
You can disable the exploits for this bug with the following command:

    chmod u-s /usr/bin/sperl*
Perl 5.003_97g was released tonight. It should fix that bug. Any other overflow problems will be caught and killed before the 5.004 release.

Alan Olsen
"Mi Tio es infermo, pero la carretera es verde!"
Webmaster, The Perl Institute
webmaster () perl org
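One way to check that the `chmod u-s` mitigation quoted in the message has taken effect, as an added example that is not part of the original post. The function names are hypothetical, and the default directory is the `/usr/bin` path named in the advisory.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; /usr/bin is the default because the advisory names it.

# Print every regular file named sperl* directly inside DIR that still
# carries the setuid bit (-perm -4000 matches when that bit is set).
list_setuid_sperl() {
    find "${1:-/usr/bin}" -maxdepth 1 -type f -name 'sperl*' -perm -4000 2>/dev/null
}

# Apply the advisory's mitigation to each match, log what was changed on
# stderr, then print how many sperl* files are still setuid (0 = mitigated).
clear_setuid_sperl() {
    dir=${1:-/usr/bin}
    list_setuid_sperl "$dir" | while IFS= read -r f; do
        chmod u-s "$f" && echo "cleared setuid: $f" >&2
    done
    list_setuid_sperl "$dir" | wc -l | tr -d ' '
}

# Typical use, as root:
#   list_setuid_sperl /usr/bin     # audit only
#   clear_setuid_sperl /usr/bin    # mitigate, prints remaining count
```

A package upgrade or reinstall can restore the setuid bit, so the audit function is worth re-running after any perl package change.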