CVE-2005-0156
CVE-2005-0156 is a vulnerability of currently unknown severity. Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. EPSS estimates a 1.31% chance of exploitation in the next 30 days.
Description
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Larry Wall | Perl | 5.8.0 |
| Larry Wall | Perl | 5.8.1 |
| Larry Wall | Perl | 5.8.3 |
| Larry Wall | Perl | 5.8.4 |
| Larry Wall | Perl | 5.8.4.1 |
| Larry Wall | Perl | 5.8.4.2 |
| Larry Wall | Perl | 5.8.4.2.3 |
| Larry Wall | Perl | 5.8.4.3 |
| Larry Wall | Perl | 5.8.4.4 |
| Larry Wall | Perl | 5.8.4.5 |
| SGI | ProPack | 3.0 |
| IBM | AIX | 5.2 |
| IBM | AIX | 5.3 |
| Red Hat | Enterprise Linux | 3.0 |
| Red Hat | Enterprise Linux Desktop | 3.0 |
| Red Hat | Fedora Core | core_3.0 |
| SUSE | SUSE Linux | 8.0 |
| SUSE | SUSE Linux | 8.1 |
| SUSE | SUSE Linux | 8.2 |
| SUSE | SUSE Linux | 9.0 |
| SUSE | SUSE Linux | 9.1 |
| SUSE | SUSE Linux | 9.2 |
| Trustix | Secure Linux | 1.5 |
| Trustix | Secure Linux | 2.0 |
| Trustix | Secure Linux | 2.1 |
| Trustix | Secure Linux | 2.2 |
| Ubuntu | Ubuntu Linux | 4.1 |
References
- http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml (Exploit, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-103.html (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-105.html (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/12426 (Patch, Vendor Advisory)
- http://www.trustix.org/errata/2005/0003/ (Patch, Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
