Red Hat Bugzilla – Bug 161053
CVE-2005-0448 perl File::Path.pm rmtree race condition
Last modified: 2007-11-30 17:07:07 EST
+++ This bug was initially created as a clone of Bug #157694 +++
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4
allows local users to create arbitrary setuid binaries in the tree being
deleted, a different vulnerability than CAN-2004-0452.
Created attachment 120147 [details]
This attachment is a patch we in Fedora Legacy have proposed to fix
CAN-2005-0448 for RH9 in bug #152845, which is also perl-5.8.0. This patch is
courtesy of John Dalbec, who found it and (back?)ported it. I believe its
original source is from Ubuntu, but I am not clear on that.
In any event, this patch is almost identical to a similar patch that Debian did
for this same issue; you can see analysis for the legacy FC1 version of this
patch in Bug 152845 comment #8 and the RH9 patch (this one) in Bug 152845
Cheers! And hope this helps! :-)
This bug was fixed with RHEL-3-U5's perl-5.8.0-89.10 version, which was in the
'RHEL-3-embargo' CVS branch and never integrated with the 'RHEL-3' CVS head
branch. Chip Turner's patch for this issue ('perl-5.8.0-rmtree.patch') is now
applied in the head RHEL-3 branch with perl-5.8.0-90.+ .
Sorry, I was getting confused with CAN-2004-0452 , which is fixed in U5 .
CVE-2005-0448 STILL AFFECTS RHEL-3 .
This bug is now fixed in perl-5.8.0-90.2 .
Have you all issued an RHSA / Errata for this fixed bug in RHEL 3?
David, this flaw is not yet included in a published RHSA for RHEL3. However the
bug is in MODIFIED state which means that a fix for this flaw has been tested,
committed, and will be part of a future RHSA for RHEL3 perl.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.