Red Hat Bugzilla – Bug 146737
CAN-2005-0155 multiple setuid perl issues (CAN-2005-0156)
Last modified: 2007-11-30 17:07:06 EST
Created attachment 110480
Text sent to vendor-sec
The following issues were reported regarding running setuid perl executables
(I'm attaching the report as a text file as it is long).
buffer overflow caused by very long paths
and a PERLIO_DEBUG file overwrite bug.
This issue should also affect RHEL2.1
Created attachment 110481
This patch needs peer review.
CAN-2005-0155 for the privilege escalation in debug mode
CAN-2005-0156 for the buffer overflow
patch applied and built into dist-3.0E-errata-candidate
Removing embargo, public via Ubuntu
This issue does not affect RHEL2.1
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.