Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0156

11 documents9 sources

Severity

2.1LOW

EPSS

0.4%

top 40.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM AIX Larry Wall Perl Redhat Enterprise Linux +6 more

Timeline

PublishedFeb 7

Latest updateMay 1

Description

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages8 packages

▶Debianperl< 5.8.4-6+3

▶NVDlarry_wall/perl10 versions+9

▶NVDibm/aix5.2, 5.3+1

▶NVDsgi/propack3.0

▶NVDsuse/suse_linux6 versions+5

Also affects: Ubuntu Linux 4.1, Enterprise Linux 3.0

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-hv4j-j5rr-rmfx: Buffer overflow in the PerlIO implementation in Perl 5↗2022-05-01

▶

CVEList

CVE-2005-0156: Buffer overflow in the PerlIO implementation in Perl 5↗2005-02-07

▶

OSV

CVE-2005-0156: Buffer overflow in the PerlIO implementation in Perl 5↗2005-02-07

▶

💥Exploits & PoCs

Exploit-DB

Setuid perl - 'PerlIO_Debug()' Local Overflow↗2005-02-07

▶

📋Vendor Advisories

Ubuntu

Perl vulnerabilities↗2005-02-02

▶

Red Hat

security flaw↗2005-02-01

▶

Debian

CVE-2005-0156: perl - Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with ...↗2005

▶

💬Community

Bugzilla

CVE-2005-0156 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-3651 ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability↗2006-01-04

▶