Perl "PERLIO_DEBUG"权限提升漏洞

Perl "PERLIO_DEBUG"权限提升漏洞

Perl "PERLIO_DEBUG"权限提升漏洞

[b]Description:[/b]
Kevin Finisterre has reported two vulnerabilities in Perl, which can be exploited by malicious, local users to gain escalated privileges.

1) An error in the handling of debug message output in setuid root perl scripts can be exploited to output debug messages to arbitrary files by manipulating the "PERLIO_DEBUG" environment variable.

2) A boundary error in the handling of the "PERLIO_DEBUG" environment variable can be exploited to cause a buffer overflow and execute arbitrary code with root privileges by calling a setuid root perl script with a specially crafted, overly long "PERLIO_DEBUG" environment variable.

[b]Solution:[/b]
Only grant trusted users access to affected systems.

[b]Provided and/or discovered by:[/b]
Kevin Finisterre

[b]Original Advisory:[/b]
[url]http://www.ubuntulinux.org/support/documentation/usn/usn-72-1[/url]
[url]http://secunia.com/advisories/14120/[/url].
thanks
i think it's an upgrade to perl 5.8.5 or 5.8.6 when i am downloading new perl update to ubuntu yesterday:)
think this problem may have got fixed in the new version now, thanks your info.