Red Hat Bugzilla – Bug 145579
CAN-2005-0077 perl-DBI insecure temporary file usage
Last modified: 2007-11-30 17:07:15 EST
*** This bug has been split off bug 145577 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.01.19
Javier FernÃ¡ndez-Sanguino PeÃ±a from the Debian Security Audit Project
discovered that the DBI library, the Perl5 database interface, creates
a tmporary file in an insecure manner. This can be exploited by a
malicious user to overwrite arbitrary files owned by the person
executing the program.
This will be disclosed on Tuesday the 25th.
attachment 109991 [details] contains the proposed patch for this issue.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.