[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl,
From:       Eygene Ryabinkin <rea-sec () codelabs ! ru>
Date:       2008-11-30 23:23:21
Message-ID: g2BMw9g7W0GP3gxdFJTwDSUjWik () DnrfhFPe1KmBT9SMnrHVxzpiU9A
[Download RAW message or body]

Me again.

Mon, Dec 01, 2008 at 12:52:18AM +0300, Eygene Ryabinkin wrote:
> 
> Fri, Nov 28, 2008 at 04:29:10PM +0100, Jan Lieskovsky wrote:
> > One point yet -- this is perl-5.8.8-1+ specific issue (different than
> > CVE-2004-0452, CVE-2005-0448 and even different than recently fixed
> > CVE-2008-2827). Seems that upstream forgot to apply the fix for
> > CVE-2005-0448 to 5.8 perl after rebase. This newly reported issue
> > already fixed in perl-5.10.
> > 
> > CVE-2008-2827 affects only perl-5.10 (and it already applies additional
> > fix to CVE-2005-0448, which has been properly applied in perl-5.10).

By the way, I had glanced over perl from 5.8.0 to 5.8.4 (the latter were
said to be not vulnerable in the CVE-2005-0448).  But since it misses
'if $force_writeable' on the second 'chmod', it should be vulnerable to
the 'setuid' issue too.  And since there are no checks for
inode/mountpoint device changes for the directory, rmtree is called for,
I assume that it is vulnerable to the deletion issue too.

Any comments?
-- 
Eygene
[prev in list] [next in list] [prev in thread] [next in thread]