CVE-2005-0156

Severity

21%

Complexity

39%

Confidentiality

48%

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported 20 years ago

2005-02-07 05:00:00

Last updated 6 years ago

2018-08-13 21:47:00

Affected Software

SGI ProPack 3.0

3.0

IBM AIX 5.2

5.2

IBM AIX 5.3

5.3

Red Hat Desktop 3.0

3.0

SuSE SuSE Linux 8.0

8.0

SuSE SuSE Linux 8.1

8.1

SuSE SuSE Linux 8.2

8.2

SuSE SuSE Linux 9.0

9.0

SuSE SuSE Linux 9.1

9.1

SuSE SuSE Linux 9.2

9.2

Trustix Secure Linux 1.5

1.5

Trustix Secure Linux 2.0

2.0

Trustix Secure Linux 2.1

2.1

Trustix Secure Linux 2.2

2.2

References

CLSA-2006:1056

FLSA-2006:152845

20050202 [USN-72-1] Perl vulnerabilities

20050207 DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG

14120

55314

http://www.digitalmunition.com/DMA[2005-0131b].txt

Broken Link

GLSA-200502-13

Exploit, Vendor Advisory

MDKSA-2005:031

RHSA-2005:103

Patch, Vendor Advisory

RHSA-2005:105

Patch, Vendor Advisory

12426

Patch, Vendor Advisory

2005-0003

Patch, Vendor Advisory

perl-perliodebug-bo(19208)

oval:org.mitre.oval:def:10803

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.