GLSA-200502-13 : Perl: Vulnerabilities in perl-suid wrapper
Medium Nessus Plugin ID 16450
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200502-13 (Perl: Vulnerabilities in perl-suid wrapper)
perl-suid scripts honor the PERLIO_DEBUG environment variable and write to that file with elevated privileges (CAN-2005-0155).
Furthermore, calling a perl-suid script with a very long path while PERLIO_DEBUG is set could trigger a buffer overflow (CAN-2005-0156).
A local attacker could set the PERLIO_DEBUG environment variable and call existing perl-suid scripts, resulting in file overwriting and potentially the execution of arbitrary code with root privileges.
You are not vulnerable if you do not have the perlsuid USE flag set or do not use perl-suid scripts.
SolutionAll Perl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose dev-lang/perl