Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-35
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 31 Mar 2005
Last revised: 31 Mar 2005

Package: perl

Summary: Symlink attack in perl may allow arbitrary file overwriting

More information:
    Perl is a high-level programming language with roots in C, sed, awk
    and shell scripting.  Perl is good at handling processes and files,
    and is especially good at handling text.

    A vulnerability in the manner in which perl handles temporary files
    could allow local users to overwrite arbitrary files via a symlink attack.

Impact:
    This vulerability could allow attackers to overwrite arbitrary files
    via a symbolic link attack.

Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

Solution:
    Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
  Turbolinux Home]
# turbopkg
or
# zabom -u perl

[other]
# turbopkg
or
# zabom update perl
---------------------------------------------

<Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   perl-5.6.1-11.src.rpm
      5987884 f26d7a758a4d147829455eaa283be198

   Binary Packages
   Size: MD5

   perl-5.6.1-11.i586.rpm
      6134690 a870d95d258ac7a85dfcd34290e77e41

<Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   perl-5.6.1-11.src.rpm
      5987884 874cd055ed99d466511934e783824fc2

   Binary Packages
   Size: MD5

   perl-5.6.1-11.i586.rpm
      6096989 d1d6d928a20e52885be274f499095509

<Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/perl-5.8.5-5.src.rpm
      9379818 8b9910d0419f2ccf42d0196c5cbd5135

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/perl-5.8.5-5.i586.rpm
     12774316 c00569ac8663f34f159f219970e11ae9

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/perl-5.8.0-12.src.rpm
     10871644 7625c76be188816823b09eab9b4bcda5

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/perl-5.8.0-12.i586.rpm
     12123866 1ce3da88ef78810526956b39fd9b4349

<Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/perl-5.6.1-11.src.rpm
      5987884 614cff8ba91d3350016b6ab190e31627

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/perl-5.6.1-11.i586.rpm
      6136132 e4a725678f5d137a893362d247cc96e3

<Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/perl-5.6.1-11.src.rpm
      5987884 85f37ea8d25d83a349cdaef396914758

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/perl-5.6.1-11.i586.rpm
      6135248 9ce1012409bb9473e7b00f081638378a

<Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/perl-5.6.1-11.src.rpm
      5987884 1f50a87ed9f99acb80db5ea765293a2b

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/perl-5.6.1-11.i586.rpm
      6141038 17b0b6b09fcea7194b614c773a799178

<Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/perl-5.6.1-11.src.rpm
      5987884 aa5c6871fbfe6bb775ad4b0e2a48a19b

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/perl-5.6.1-11.i586.rpm
      6142038 f9b20e4d71e30e83a3fcd2dda780f12d

References:

CVE
   [CAN-2004-0452]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
   [CAN-2004-0976]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976

--------------------------------------------------------------------------
Revision History
    31 Mar 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFCS6MdK0LzjOqIJMwRAgN7AJ9xTXr+vRl8JYX04UbssZERwMvXSgCgtknD
lquqf4Vw2HWpob6iB8tEAMo=
=YXx6
-----END PGP SIGNATURE-----