CVE-2005-0156
NONE EPSS 67.2%
Published Feb 7, 200521y ago · Modified Jun 16, 20262w ago
Published Feb 7, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Threat Intelligence
EPSS Exploit Probability
67.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Affected Products 32
| Vendor | Product | Version | Range |
|---|---|---|---|
| larry_wall | perl | 5.8.0 | any |
| larry_wall | perl | 5.8.1 | any |
| larry_wall | perl | 5.8.3 | any |
| larry_wall | perl | 5.8.4 | any |
| larry_wall | perl | 5.8.4.1 | any |
| larry_wall | perl | 5.8.4.2 | any |
| larry_wall | perl | 5.8.4.2.3 | any |
| larry_wall | perl | 5.8.4.3 | any |
| larry_wall | perl | 5.8.4.4 | any |
| larry_wall | perl | 5.8.4.5 | any |
| sgi | propack | 3.0 | any |
| ibm | aix | 5.2 | any |
| ibm | aix | 5.3 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| redhat | fedora_core | core_3.0 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.0 | any |
| suse | suse_linux | 8.1 | any |
| suse | suse_linux | 8.2 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.0 | any |
| suse | suse_linux | 9.1 | any |
| suse | suse_linux | 9.2 | any |
| trustix | secure_linux | 1.5 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.1 | any |
| trustix | secure_linux | 2.2 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
References 15
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
- fedoranews.org http://fedoranews.org/updates/FEDORA--.shtml
- marc.info http://marc.info/?l=bugtraq&m=110737149402683&w=2
- marc.info http://marc.info/?l=full-disclosure&m=110779721503111&w=2
- secunia.com http://secunia.com/advisories/14120
- secunia.com http://secunia.com/advisories/55314
- digitalmunition.com http://www.digitalmunition.com/DMA%5B2005-0131b%5D.txt
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-103.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-105.html
- securityfocus.com http://www.securityfocus.com/bid/12426
- trustix.org http://www.trustix.org/errata/2005/0003/
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/19208
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10803
Remediation
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-103.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-105.html
- securityfocus.com http://www.securityfocus.com/bid/12426
- trustix.org http://www.trustix.org/errata/2005/0003/