CVE-2005-4278

Description

Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

Affected products

• larry_wall / perl5.8.6
• larry_wall / perl5.3 – 5.3
• larry_wall / perl5.4 – 5.4
• larry_wall / perl5.4.5 – 5.4.5
• larry_wall / perl5.5 – 5.5
• larry_wall / perl5.5.3 – 5.5.3
• larry_wall / perl5.6.1 – 5.6.1
• larry_wall / perl5.8.0 – 5.8.0
• larry_wall / perl5.8.1 – 5.8.1
• larry_wall / perl5.8.3 – 5.8.3
• larry_wall / perl5.8.4 – 5.8.4
• larry_wall / perl5.8.4.1 – 5.8.4.1
• larry_wall / perl5.8.4.2 – 5.8.4.2
• larry_wall / perl5.8.4.2.3 – 5.8.4.2.3
• larry_wall / perl5.8.4.3 – 5.8.4.3
• larry_wall / perl5.8.4.4 – 5.8.4.4
• larry_wall / perl5.8.4.5 – 5.8.4.5

References

• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2005/2119
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200510-14.xml
• VENDOR_ADVISORYhttp://secunia.com/advisories/55314
• VENDOR_ADVISORYhttp://secunia.com/advisories/17232
• MISChttp://www.osvdb.org/20086
• MISChttp://www.securityfocus.com/bid/15120