Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Perl | Larry_wall | * | 5.8.6 (including) |
| Perl | Larry_wall | 5.3 (including) | 5.3 (including) |
| Perl | Larry_wall | 5.4 (including) | 5.4 (including) |
| Perl | Larry_wall | 5.4.5 (including) | 5.4.5 (including) |
| Perl | Larry_wall | 5.5 (including) | 5.5 (including) |
| Perl | Larry_wall | 5.5.3 (including) | 5.5.3 (including) |
| Perl | Larry_wall | 5.6.1 (including) | 5.6.1 (including) |
| Perl | Larry_wall | 5.8.0 (including) | 5.8.0 (including) |
| Perl | Larry_wall | 5.8.1 (including) | 5.8.1 (including) |
| Perl | Larry_wall | 5.8.3 (including) | 5.8.3 (including) |
| Perl | Larry_wall | 5.8.4 (including) | 5.8.4 (including) |
| Perl | Larry_wall | 5.8.4.1 (including) | 5.8.4.1 (including) |
| Perl | Larry_wall | 5.8.4.2 (including) | 5.8.4.2 (including) |
| Perl | Larry_wall | 5.8.4.2.3 (including) | 5.8.4.2.3 (including) |
| Perl | Larry_wall | 5.8.4.3 (including) | 5.8.4.3 (including) |
| Perl | Larry_wall | 5.8.4.4 (including) | 5.8.4.4 (including) |
| Perl | Larry_wall | 5.8.4.5 (including) | 5.8.4.5 (including) |
References
- http://secunia.com/advisories/17232
- http://secunia.com/advisories/55314
- http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml
- http://www.osvdb.org/20086
- http://www.securityfocus.com/bid/15120
- http://www.vupen.com/english/advisories/2005/2119
- http://secunia.com/advisories/17232
- http://secunia.com/advisories/55314
- http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml
- http://www.osvdb.org/20086
- http://www.securityfocus.com/bid/15120
- http://www.vupen.com/english/advisories/2005/2119