Red Hat Bugzilla – Bug 249011
CVE-2003-0618 leaks file existance information
Last modified: 2008-05-30 12:23:41 EDT
Clone for RHEL3 tracking
+++ This bug was initially created as a clone of Bug #114923 +++
CAN-2003-0618 was reported 2003Jul29 to Debian. You can test for the
existance of files even if you don't have permission to do so by using
the suidperl command.
# mkdir ~root/delme; chmod 700 ~root/delme;touch ~root/delme/1
$ suidperl ~root/delme/1
Script is not setuid/setgid in suidperl
$ suidperl ~root/delme/2
Can't open perl script "/root/delme/2": No such file ...
Affects: 2.1AS 2.1ES 2.1AW 2.1WS (5.6.1)
Affects: 3AS 3ES 3WS (5.8.0)
Debian released an errata for this issue in Feb 2004.
-- Additional comment from firstname.lastname@example.org on 2004-02-09 10:40 EST --
Actually this doesn't affect RHEL3 because the setuid perl package was
-- Additional comment from email@example.com on 2005-05-04 18:04 EST --
I did some verification work on this one. This issue does affect RHEL3. We may
not have shipped perl-suidperl in the past, we do now.
-- Additional comment from firstname.lastname@example.org on 2006-04-21 21:24 EST --
fixed with perl-5.6.1-38.EL2_1
-- Additional comment from email@example.com on 2006-10-01 19:33 EST --
assigning to firstname.lastname@example.org
-- Additional comment from email@example.com on 2007-07-20 07:47 EST --
that version isn't shipped yet, opening and marking MODIFIED
This issue was fixed in perl-5.8.0-93.EL3
* Mon Apr 24 2006 Jason Vas Dias <firstname.lastname@example.org> - 2:5.8.0-93.EL3
- fix minor security issue CVE-2003-0618: suidperl could be used to
reveal locations of files in hidden directories