PT-2005-1255 · Perl+1 · Perl+1
Kevin Finisterre · Published 2005-02-07 · Updated 2018-08-13 · CVE-2005-0156
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Perl version 5.8.0
Description
The issue is related to a buffer overflow in the PerlIO implementation. It allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script with a long directory path.
Recommendations
For Perl version 5.8.0, consider avoiding the use of setuid support (sperl) until a patch is available. As a temporary workaround, restrict the setting of the PERLIO_DEBUG variable to minimize the risk of exploitation.
Related Identifiers
Affected Products
Perl
Red Hat