cbcvebase.
CVE-2005-0155
published 2005-05-02

CVE-2005-0155: The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.

PriorityP417medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
1.20%
64.3th percentile
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianperl< perl 5.8.4-6 (bookworm)perl 5.8.4-6 (bookworm)
larry_wallperl
perlperl>= 0 < 5.8.4-65.8.4-6
perlperl>= 0 < 5.8.4-65.8.4-6
perlperl>= 0 < 5.8.4-65.8.4-6
perlperl>= 0 < 5.8.4-65.8.4-6
redhatenterprise_linux

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
vendor_redhat4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.