CAN-2003-0618 was reported 2003Jul29 to Debian. You can test for the existance of files even if you don't have permission to do so by using the suidperl command. $ su # mkdir ~root/delme; chmod 700 ~root/delme;touch ~root/delme/1 # exit $ suidperl ~root/delme/1 Script is not setuid/setgid in suidperl $ suidperl ~root/delme/2 Can't open perl script "/root/delme/2": No such file ... http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=220486 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426 Affects: 2.1AS 2.1ES 2.1AW 2.1WS (5.6.1) Affects: 3AS 3ES 3WS (5.8.0) Debian released an errata for this issue in Feb 2004.
Actually this doesn't affect RHEL3 because the setuid perl package was not shipped.
I did some verification work on this one. This issue does affect RHEL3. We may not have shipped perl-suidperl in the past, we do now.
fixed with perl-5.6.1-38.EL2_1
assigning to rnorwood
that version isn't shipped yet, opening and marking MODIFIED
EL2.1 reached end of life.