Vulnerability Description
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Larry Wall | Perl | 5.8.0 |
| SGI | ProPack | 3.0 |
| IBM | AIX | 5.2 |
| Red Hat | Enterprise Linux | 3.0 |
| Red Hat | Enterprise Linux Desktop | 3.0 |
| Red Hat | Fedora Core | core_3.0 |
| SUSE | SUSE Linux | 8.0 |
| Trustix | Secure Linux | 1.5 |
| Ubuntu | Ubuntu Linux | 4.1 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
- http://fedoranews.org/updates/FEDORA--.shtml
- http://marc.info/?l=bugtraq&m=110737149402683&w=2
- http://marc.info/?l=full-disclosure&m=110779721503111&w=2
- http://secunia.com/advisories/14120
- http://secunia.com/advisories/55314
- http://www.digitalmunition.com/DMA%5B2005-0131b%5D.txt
- http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml (Exploit, Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
- http://www.redhat.com/support/errata/RHSA-2005-103.html (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-105.html (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/12426 (Patch, Vendor Advisory)
- http://www.trustix.org/errata/2005/0003/ (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19208
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2005-0156?
CVE-2005-0156 is a vulnerability with a CVSS score of 2.1 (LOW). Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing ...
How severe is CVE-2005-0156?
CVE-2005-0156 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0156?
Check the references section above for vendor advisories and patch information. Affected products include: Larry Wall Perl, SGI ProPack, IBM AIX, Red Hat Enterprise Linux, Red Hat Enterprise Linux Desktop.