Debian Security Advisory
DSA-431-1 perl -- information leak
- Date reported:
- 1 Feb 2004
- Affected packages:
- perl
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 9543.
In Mitre's CVE dictionary: CVE-2003-0618.
- More information:
-
Paul Szabo discovered a number of similar bugs in suidperl, a helper program for running perl scripts with setuid privileges. By exploiting these bugs, an attacker could abuse suidperl to obtain information about files (such as checking whether they exist and some of their permissions) that should not be accessible to unprivileged users.
For the current stable distribution (woody) this problem has been fixed in version 5.6.1-8.6.
For the unstable distribution (sid), this problem will be fixed soon. See Debian bug number 220486.
We recommend that you update your perl package if the "perl-suid" package is installed.
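The recommendation above depends on two facts about a host: whether "perl-suid" is installed, and whether its version is older than 5.6.1-8.6. The following check is an added example, not part of the advisory; the function names are hypothetical, and it assumes a Debian system with the standard dpkg and dpkg-query tools.

```shell
#!/bin/sh
# Added example (not from the advisory): does this host need the DSA-431-1 update?
# Assumes a Debian system; function names are illustrative.

FIXED_VERSION="5.6.1-8.6"   # woody fix version stated in the advisory

# classify_perl_suid VERSION
# VERSION is the installed perl-suid version, or empty if it is not installed.
# Prints one of: not-installed | vulnerable | fixed
classify_perl_suid() {
    ver="$1"
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif dpkg --compare-versions "$ver" lt "$FIXED_VERSION"; then
        # Debian version ordering, so 5.6.1-8.5 sorts before 5.6.1-8.6
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Prints the perl-suid version only when the package is fully installed.
# Removed-but-not-purged packages report a different status and print nothing.
installed_perl_suid_version() {
    dpkg-query -W -f='${Status}\t${Version}\n' perl-suid 2>/dev/null |
        awk -F'\t' '$1 == "install ok installed" { print $2 }'
}

# Human-readable verdict for the local host.
check_dsa_431() {
    case "$(classify_perl_suid "$(installed_perl_suid_version)")" in
        vulnerable) echo "perl-suid is older than $FIXED_VERSION: upgrade perl" ;;
        fixed)      echo "perl-suid is at or above $FIXED_VERSION" ;;
        *)          echo "perl-suid is not installed: the suidperl issue does not apply" ;;
    esac
}

check_dsa_431
```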
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6.dsc
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6.diff.gz
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.6_all.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.6_all.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.6_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_sparc.deb
MD5 checksums for the listed files are available in the original advisory.
MD5 checksums for the listed files are available in the revised advisory.