Mandrake Linux Security Advisory : perl (MDKSA-2000:031)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

There is a vulnerability that exists when using setuidperl together
with the mailx program. In some cases, setuidperl will warn root that
something has going on. The setuidperl program uses /bin/mail to send
the message, as root, with the environment preserved. An undocumented
feature of /bin/mail consists of it interpretting the ~! sequence even
if it is not running on the terminal, and the message also contains
the script name, taken from argv[1]. With all of this combined, it is
possible to execute a command using ~! passed in the script name to
create a suid shell. The instance of setuidperl sending such a message
can only be reached if you try to fool perl into forcing the execution
of one file instead of another. This vulnerability may not be limited
to just the mailx program, which is why an upgrade for perl is
provided as opposed to an upgrade for mailx.

Solution :

Update the affected perl and / or perl-base packages.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61827 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now