-----BEGIN PGP SIGNED MESSAGE----- Subject: Caldera Security Advisory SA-1998.07: Vulnerability in perl Advisory issue date: 07-Apr-1998 Topic: Vulnerability in perl I. Problem Description A race condition exists when executing `perl -e ...'. This can be used in a DoS (Denial of Service) attack which deletes the content of a targeted file. II. Impact The target file can be harmed if the user executing `perl -e' has write permissions for the file. The contents will be replaced with the text of the argument for `-e' option. This attack is likely to have one of two results. A file which is needed for normal system operation is destroyed rendering machine services inaccessible (DoS). A file controlling access to the machine is modified to allow access to the attacker (Compromise). The likelihood of successful compromise attacks are remote as they usually require that the attacker modify the argument paired with the '-e' flag. This problem is present in OpenLinux 1.2 and prior releases. III. Solution Upgrade to the perl-5.004_03-2 packages. They can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/005/RPMS The corresponding source code can be found at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/005/SRPMS The MD5 checksums (from the "md5sum" command) for these packages are: bb5ad759caafc145ed127cf57e5d0c1f perl-5.004_03-2.i386.rpm 116500196267424d5ae1898389242654 perl-add-5.004_03-2.i386.rpm 552ebc8c59f6c05e4576d727b3132d4e perl-examples-5.004_03-2.i386.rpm edf5c15d0b18677d89e23cada18b3d5d perl-man-5.004_03-2.i386.rpm b06a442baec601c58f5f8ec7c2eef5fc perl-pod-5.004_03-2.i386.rpm d663727f82da3b9f45568ab5fc148a50 perl-5.004_03-2.src.rpm Upgrade with the following commands: rpm -q perl && rpm -U perl-5.004_03-2.i386.rpm rpm -q perl-add && rpm -U perl-add-5.004_03-2.i386.rpm rpm -q perl-examples && rpm -U perl-examples-5.004_03-2.i386.rpm rpm -q perl-man && rpm -U perl-man-5.004_03-2.i386.rpm rpm -q perl-pod && rpm -U perl-pod-5.004_03-2.i386.rpm IV. References BugTraq reference: From: stanislav shalunov To: BUGTRAQ@NETSPACE.ORG Subject: another /tmp race: `perl -e' opens temp file not safely Date: Sun, 8 Mar 1998 00:04:20 GMT Message-ID: <199803072356.CAA16643@main.mccme.rssi.ru> and follow-up postings This and other Caldera security resources are located at: http://www.caldera.com/tech-ref/security/ This security fix closes Caldera's internal Problem Report 1810 V. PGP Signature This message was signed with the PGP key for security@caldera.com. This key can be obtained from: ftp://ftp.caldera.com/pub/pgp-keys/ Or on an OpenLinux CDROM under: /OpenLinux/pgp-keys/ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNSwE9en+9R4958LpAQF8fwP+NN/0Xo4weZgTnc04ilkYvI3AIN8Iu3c9 hIajjL8/AChw9ZokzVIUlpCcpy4zr89gwT0xuhURwqZIDZcdnPAI+FDlxpZO2eH5 IRMgUlfp9jiQAkwa95U8pRhifCrf6BcyqJze3V5x/mrh6gU8bDH3r6IaCyaJt7kQ u47ZMoQWIZE= =gPQ+ -----END PGP SIGNATURE-----