Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2005-0156

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

Related bugs and status

CVE-2005-0156 (Candidate) is related to these bugs:

Bug #11159: perl: silent write error can lead to data loss, with patch

Summary				In	Importance	Status
	11159	perl: silent write error can lead to data loss, with patch		perl (Ubuntu)	High	Fix Released
	11159	perl: silent write error can lead to data loss, with patch		perl (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

GENTOO: GLSA-200502-13
REDHAT: RHSA-2005:103
REDHAT: RHSA-2005:105
TRUSTIX: 2005-0003
BID: 12426
SECUNIA: 14120
FEDORA: FLSA-2006:152845
MANDRAKE: MDKSA-2005:031
SECUNIA: 55314
FULLDISC: 20050207 DMA[2005-0131...
MISC: http://www.digitalmuni...
CONECTIVA: CLSA-2006:1056
BUGTRAQ: 20050202 [USN-72-1] Pe...
XF: perl-perliodebug-bo(19...
OVAL: oval:org.mitre.oval:de...