This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200502-13
(Perl: Vulnerabilities in perl-suid wrapper)
perl-suid scripts honor the PERLIO_DEBUG environment variable and
write to that file with elevated privileges (CAN-2005-0155).
Furthermore, calling a perl-suid script with a very long path while
PERLIO_DEBUG is set could trigger a buffer overflow (CAN-2005-0156).
A local attacker could set the PERLIO_DEBUG environment variable
and call existing perl-suid scripts, resulting in file overwriting and
potentially the execution of arbitrary code with root privileges.
You are not vulnerable if you do not have the perlsuid USE flag
set or do not use perl-suid scripts.
See also :
All Perl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/perl
Risk factor :
Medium / CVSS Base Score : 4.6