Debian Perl vulnerabilities

73 known vulnerabilities affecting debian/perl.

Total CVEs: 73
CISA KEV: 0
Public exploits: 9
Exploited in wild: 1
Severity breakdown: CRITICAL 8, HIGH 23, MEDIUM 16, LOW 26

Vulnerabilities

Page 4 of 4
CVE-2005-3962 | MEDIUM | CVSS 4.6 | fixed in perl 5.8.7-9 (bookworm) | 2005
[MEDIUM] perl - Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Scope
debian
CVE-2005-4278 | LOW | CVSS 7.2 | 2005
[HIGH] perl - Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2005-0156 | LOW | CVSS 2.1 | PoC | fixed in perl 5.8.4-6 (bookworm) | 2005
[LOW] perl - Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Scope: local; bookworm: resolved (fixed in 5.8.4-6); bullseye: resolved (fixed in 5.8.4-6); forky: resolved (fi
debian
CVE-2005-0448 | LOW | CVSS 2.6 | fixed in perl 5.8.4-7 (bookworm) | 2005
[LOW] perl - Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
Scope: local; bookworm: resolved (fixed in 5.8.4-7); bullseye: resolved (fixed in 5.8.4-7); forky: resolved (fixed in 5.8.4-7); sid: resolved (fixed in 5.8.4-7); trixie: resol
debian
CVE-2005-4217 | LOW | CVSS 7.5 | 2005
[HIGH] perl - Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2004-0377 | LOW | CVSS 10.0 | 2004
[CRITICAL] perl - Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2004-0976 | LOW | CVSS 2.1 | fixed in perl 5.8.4-4 (bookworm) | 2004
[LOW] perl - Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allow local users to overwrite files via a symlink attack on temporary files.
Scope: local; bookworm: resolved (fixed in 5.8.4-4); bullseye: resolved (fixed in 5.8.4-4); forky: resolved (fixed in 5.8.4-4); sid: resolved (fixed in 5.8.4-4); trixie: resolved (fixed in 5.8.4-
debian
CVE-2004-0452 | LOW | CVSS 2.6 | fixed in perl 5.8.4-5 (bookworm) | 2004
[LOW] perl - Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
Scope: local; bookworm: resolved (fixed in 5.8.4-5); bullseye: resolved (fixed in 5.8.4-5); forky: resolved (fixed i
debian
CVE-2003-0615 | MEDIUM | CVSS 4.3 | fixed in perl 5.8.0-19 (bookworm) | 2003
[MEDIUM] perl - Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
Scope: local; bookworm: resolved (fixed in 5.8.0-19); bullseye: resolved (fixed in 5.8.0-19); forky: resolved (fixed in 5.8.0-19); sid: resolved (fixed in 5.8.0-19); trixie: resolved (fixed in 5.8.0-19)
debian
CVE-2003-0900 | MEDIUM | CVSS 5.0 | fixed in perl 5.8.2 (bookworm) | 2003
[MEDIUM] perl - Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
Scope: local; bookworm: resolved (fixed in 5.8.2); bullseye: resolved (fixed in 5.8.2); forky: resolved (fixed in 5.8.2); sid: resolved (fixed in 5.8.2); trixie: resolved (fixed in 5.8.2)
debian
CVE-2003-0618 | LOW | CVSS 2.1 | fixed in perl 5.8.3-3 (bookworm) | 2003
[LOW] perl - Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.
Scope: local; bookworm: resolved (fixed in 5.8.3-3); bullseye: resolved (fixed in 5.8.3-3); forky: resolved (fixed in 5.8.3-3); sid: resolved (fixed in 5.8.3-3); trixie: resolved (fixed in 5.8.3-3)
debian
CVE-2002-0703 | HIGH | CVSS 7.5 | fixed in perl 5.8.0-7 (bookworm) | 2002
[HIGH] perl - An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.
Scope: local; bookworm: resolved (fixed in 5.8.0-7); bullseye: resolved (fixed in 5.8.0-7); forky: resolved (fixed in 5.8.0-7); sid: resolved (fixed in 5.8.0-7); trixie: reso
debian
CVE-2002-1323 | MEDIUM | CVSS 4.6 | fixed in perl 5.8.0-14 (bookworm) | 2002
[MEDIUM] perl - Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
Scope: local; bookworm: resolved (fixed in 5.8.0-14); bullseye: resolved (fixed in 5.8.0-14); forky: resolved (fixed in 5.8.0-14); sid: resolved
debian