[Cascavel-pm] falha de segurança no Perl
Alceu R. de Freitas Jr.
glasswalk3r em yahoo.com.br
Quinta Fevereiro 17 06:56:56 PST 2005
Perl
Perl, a popular scripting and data parsing language,
is vulnerable to two attacks that may be exploitable
by an attacker to overwrite files with root
permissions, or to execute arbitrary code with root
permissions. Perl's set user id wrapper is supplied
with Perl to allow the safe execution of set user id
root scripts. An attacker can set the environmental
variable PERLIO_DEBUG to an arbitrary file that will
be overwritten with Perl debugging messages when the
set user id root Perl script is executed. Also,
running the set user id root script while PERLIO_DEBUG
is set to a very long value can cause a buffer
overflow and result in arbitrary code being executed.
Affected users should watch their vendors for an
updated version of Perl and should consider disabling
set user id scripts until Perl has been updated.
Fonte:
http://www.linuxdevcenter.com/pub/a/linux/2005/02/11/security_alerts.html#perl
[]'s
=====
Alceu Rodrigues de Freitas Junior
--------------------------------------
glasswalk3r em yahoo.com.br
http://www.imortais.cjb.net
-----------------------------------------------------------------------
A well-used door needs no oil on its hinges.
A swift-flowing stream does not grow stagnant.
Neither sound nor thoughts can travel through a vacuum.
Software rots if not used.
These are great mysteries -- The Tao Of Programming, 5.1
_______________________________________________________
Yahoo! Acesso Grátis - Instale o discador do Yahoo! agora. http://br.acesso.yahoo.com/ - Internet rápida e grátis
Mais detalhes sobre a lista de discussão Cascavel-pm