Ubuntu 4.10 : perl vulnerabilities (USN-44-1)

Ubuntu Security Notice (C) 2004-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

A race condition and possible information leak has been discovered in
Perl's File::Path::rmtree(). This function changes the permission of
files and directories before removing them to avoid problems with
wrong permissions. However, they were made readable and writable not
only for the owner, but for the entire world, which opened a race
condition and a possible information leak (if the actual removal of a
file/directory failed for some reason).

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:P)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20661 ()

Bugtraq ID:

CVE ID: CVE-2004-0452