Mandrake Linux Security Advisory : perl (MDKSA-2000:031)

high Nessus Plugin ID 61827

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability exists when setuidperl is used together with the mailx program. In some cases, setuidperl will warn root that something is going on. The setuidperl program uses /bin/mail to send the message, as root, with the environment preserved. An undocumented feature of /bin/mail is that it interprets the ~! sequence even when it is not running on a terminal, and the message also contains the script name, taken from argv[1]. Taken together, these make it possible to execute a command by passing ~! in the script name, and so to create a suid shell. The code path in which setuidperl sends such a message can only be reached if you try to fool perl into forcing the execution of one file instead of another. This vulnerability may not be limited to the mailx program, which is why an upgrade for perl is provided rather than an upgrade for mailx.
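
The two conditions described above (caller-controlled text reaching the mailer, and the caller's environment being preserved) can both be closed off in a privileged notifier. The following C sketch is an added example showing that general hardening pattern; it is not the perl fix shipped in this update, and the names sanitize_for_mail, mailer_env and build_warning are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy untrusted text into out so it can be embedded in a mail body read by
 * a mailer that honours tilde escapes: '~' becomes '_', and control or
 * non-ASCII bytes (including CR/LF) become '?'. This is deliberately
 * conservative. Returns bytes written, excluding the terminating NUL. */
size_t sanitize_for_mail(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return 0;
    for (; *in != '\0' && n + 1 < outsz; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '~') out[n++] = '_';
        else if (iscntrl(c) || c >= 0x80) out[n++] = '?';
        else out[n++] = (char)c;
    }
    out[n] = '\0';
    return n;
}

/* Fixed environment to hand to the mailer child instead of the caller's. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };
char *const *mailer_env(void) { return clean_env; }

/* Build the warning text; script_name plays the role of argv[1]. */
int build_warning(const char *script_name, char *buf, size_t bufsz)
{
    char safe[256];
    sanitize_for_mail(script_name, safe, sizeof safe);
    return snprintf(buf, bufsz, "Refused setuid script \"%s\"\n", safe);
}

int main(void)
{
    char body[512];
    /* Constructed sample input, not taken from the advisory. */
    build_warning("~!constructed\tname", body, sizeof body);
    fputs(body, stdout);
    return 0;
}
```

The result of mailer_env() is suitable as the envp argument of execve() when the mailer is started.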

Solution

Update the affected perl and/or perl-base packages.

Plugin Details

Severity: High

ID: 61827

File Name: mandrake_MDKSA-2000-031.nasl

Version: 1.6

Type: local

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:perl, p-cpe:/a:mandriva:linux:perl-base, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 8/8/2000

Reference Information

MDKSA: 2000:031