__________________________________________________________

             The U.S. Department of Energy
         Computer Incident Advisory Capability
                       ___  __ __    _     ___
                      /       |     /_\   /
                      \___  __|__  /   \  \___
__________________________________________________________

                       INFORMATION BULLETIN

                Perl Security Update for Red Hat
                       [RHSA-2005:880-8]

December 20, 2005 23:00 GMT                                   Number Q-082
                                                    [REVISED 17 Jan 2006]
                                                    [REVISED 1 Mar 2006]
                                                    [REVISED 29 Jun 2006]
______________________________________________________________________________
PROBLEM:       An integer overflow bug was found in Perl's format string
               processor.

PLATFORM:      Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux AS (v. 4)
               Red Hat Enterprise Linux ES (v. 4)
               Red Hat Enterprise Linux WS (v. 4)
               Debian GNU/Linux 3.1 alias sarge
               Solaris 10 Operating System
               Perl 5.8.2 and earlier provided with:
                 * HP Tru64 UNIX 5.1.B-3, 5.1B-2/PK4, 5.1A PK6
                 * HP Internet Express 6.3 & 6.4 for HP TRU64 UNIX
                 * Tru64 UNIX Associated Products CD (APCD) for HP Tru64
                   UNIX v 5.1B-3 (BL25) and earlier.

DAMAGE:        It is possible for an attacker to cause perl to crash or
               execute arbitrary code if the attacker is able to process a
               malicious format string.

SOLUTION:      Apply current patches.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. A local user must have write permissions
ASSESSMENT:    to any subdirectory of the tree to exploit this vulnerability.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-082.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2005-880.html
 ADDITIONAL LINKS:   Debian Security Advisory DSA-943-1
                     http://www.debian.org/security/2006/dsa-943
                     Sun Alert ID: 102192
                     http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1&searchclause=%22category:security%22%2420%22availability,%2420security%22%2420category:security
                     Visit Hewlett-Packard Subscription Service for:
                     HPSBTU02125 SSRT061105 rev. 1
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962
______________________________________________________________________________
REVISION HISTORY:
 01/17/2006 - added link to Debian Security Advisory DSA-943-1 that provides
              patches addressing this vulnerability.
 03/01/2006 - revised to add a link to Sun Alert ID: 102192 for Solaris 10
              Operating System.
 06/29/2006 - revised to add a link to Hewlett-Packard HPSBTU02125 SSRT061105
              rev. 1 for Perl 5.8.2 and earlier provided with: HP Tru64 UNIX
              5.1.B-3, 5.1B-2/PK4, 5.1A PK6, HP Internet Express 6.3 & 6.4
              for HP TRU64 UNIX, and Tru64 UNIX Associated Products CD (APCD)
              for HP Tru64 UNIX v 5.1B-3 (BL25) and earlier.

[***** Start RHSA-2005:880-8 *****]

perl security update

Advisory:           RHSA-2005:880-8
Type:               Security Advisory
Issued on:          2005-12-20
Last updated on:    2005-12-20
Affected Products:  Red Hat Desktop (v. 4)
                    Red Hat Enterprise Linux AS (v. 4)
                    Red Hat Enterprise Linux ES (v. 4)
                    Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-3962

Details

Updated Perl packages that fix security issues and bugs are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

An integer overflow bug was found in Perl's format string processor. It is
possible for an attacker to cause perl to crash or execute arbitrary code if
the attacker is able to process a malicious format string. This issue is only
exploitable through a script which passes arbitrary untrusted strings to the
format string processor. The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-3962 to this issue.

Users of Perl are advised to upgrade to these updated packages, which contain
backported patches to correct these issues as well as fixes for several bugs.
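The exploitability condition stated above (a script that passes untrusted strings to the format string processor) shown in code. This is an added example, not part of the CIAC or Red Hat bulletin: the vulnerable and the safe sprintf idioms side by side, plus a small regex-based audit helper (my own, assumed to be adequate only as a first-pass scan of single-line calls) that flags printf/sprintf calls whose format argument is not a string literal. Every input value and source line below is constructed.

```perl
#!/usr/bin/perl
# Added example, not code from the bulletin. Illustrates the code pattern that
# exposes a script to CVE-2005-3962 and the pattern that does not.
use strict;
use warnings;

# VULNERABLE PATTERN: the untrusted string *is* the format. Every '%'
# directive in it is parsed by Perl's format string processor, which is the
# code path the advisory describes. Shown for contrast only; not invoked below.
sub vulnerable_log_line {
    my ($input) = @_;
    return sprintf($input);          # format chosen by whoever supplied $input
}

# SAFE PATTERN: the format is a literal; the untrusted value is only ever data.
sub safe_log_line {
    my ($input) = @_;
    return sprintf("%s", $input);    # any '%' in $input is printed verbatim
}

# AUDIT HELPER (assumption: single-line calls, plain source text). Returns one
# message per printf/sprintf whose first argument is not a quoted literal.
sub flag_variable_formats {
    my (@lines) = @_;
    my @hits;
    for my $n (0 .. $#lines) {
        my $line = $lines[$n];
        next unless $line =~ /\b(s?printf)\b\s*\(?\s*(.*)$/;
        my ($func, $rest) = ($1, $2);
        # printf may take an optional filehandle (STDERR, {$fh}) before the format
        $rest =~ s/^(?:[A-Z][A-Z0-9_]*|\{[^}]*\})\s+// if $func eq 'printf';
        next if $rest =~ /^['"]/;    # literal format: nothing to report
        push @hits, sprintf("line %d: %s called with a non-literal format: %s",
                            $n + 1, $func, $line);
    }
    return @hits;
}

# Constructed untrusted input, e.g. a CGI parameter or a field from a log.
my $untrusted = 'user%20name %d %s';
print "safe: ", safe_log_line($untrusted), "\n";

# Constructed Perl source lines to audit; lines 2, 4 and 5 should be flagged.
my @sample_source = (
    'printf "%s logged in\n", $user;',
    'my $msg = sprintf($template, @args);',
    'printf STDERR "%d errors\n", $count;',
    'print sprintf($q->param("fmt"));',
    'printf $fmt;',
);
print "$_\n" for flag_variable_formats(@sample_source);
```

The audit helper is deliberately conservative about what it accepts: only a format that begins with a quote is treated as a literal, so a format built from a variable, a function result or a hash lookup is always reported. Hits still need a human look, since a variable that holds a constant string is also flagged; the point is that untrusted data never belongs in the format position regardless of whether the interpreter has been patched.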
Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
perl-5.8.5-24.RHEL4.src.rpm                 44fee2aba88f5e9f95c6380f59d96168

IA-32:
perl-5.8.5-24.RHEL4.i386.rpm                41acc2458d49e5993f2166e4e3011158
perl-suidperl-5.8.5-24.RHEL4.i386.rpm       fc333a6a5b0823ae264ccc0034d16d3b

x86_64:
perl-5.8.5-24.RHEL4.x86_64.rpm              21b444319af3893c7dfc522fd81b8a3f
perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm     20880d1430449d763eb54688e2ab6f24

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
perl-5.8.5-24.RHEL4.src.rpm                 44fee2aba88f5e9f95c6380f59d96168

IA-32:
perl-5.8.5-24.RHEL4.i386.rpm                41acc2458d49e5993f2166e4e3011158
perl-suidperl-5.8.5-24.RHEL4.i386.rpm       fc333a6a5b0823ae264ccc0034d16d3b

IA-64:
perl-5.8.5-24.RHEL4.ia64.rpm                bce950fab06eac39fabf74060746e50a
perl-suidperl-5.8.5-24.RHEL4.ia64.rpm       70ab2ffbeac438218a37f295dac5308e

PPC:
perl-5.8.5-24.RHEL4.ppc.rpm                 9865ec5607eb3ef32a39d1ba5969d34a
perl-suidperl-5.8.5-24.RHEL4.ppc.rpm        62c2ce1ff78671de1fca6bb34fc29fc5

s390:
perl-5.8.5-24.RHEL4.s390.rpm                b62ef568796c54ef8e0d8defb3931f41
perl-suidperl-5.8.5-24.RHEL4.s390.rpm       e3fe98dd7c5b19aefc38597bab186327

s390x:
perl-5.8.5-24.RHEL4.s390x.rpm               b76f72b60b736d4c143bf8cbb435c789
perl-suidperl-5.8.5-24.RHEL4.s390x.rpm      c55fbbc676950f192923a526fa0c2177

x86_64:
perl-5.8.5-24.RHEL4.x86_64.rpm              21b444319af3893c7dfc522fd81b8a3f
perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm     20880d1430449d763eb54688e2ab6f24

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
perl-5.8.5-24.RHEL4.src.rpm                 44fee2aba88f5e9f95c6380f59d96168

IA-32:
perl-5.8.5-24.RHEL4.i386.rpm                41acc2458d49e5993f2166e4e3011158
perl-suidperl-5.8.5-24.RHEL4.i386.rpm       fc333a6a5b0823ae264ccc0034d16d3b

IA-64:
perl-5.8.5-24.RHEL4.ia64.rpm                bce950fab06eac39fabf74060746e50a
perl-suidperl-5.8.5-24.RHEL4.ia64.rpm       70ab2ffbeac438218a37f295dac5308e

x86_64:
perl-5.8.5-24.RHEL4.x86_64.rpm              21b444319af3893c7dfc522fd81b8a3f
perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm     20880d1430449d763eb54688e2ab6f24

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
perl-5.8.5-24.RHEL4.src.rpm                 44fee2aba88f5e9f95c6380f59d96168

IA-32:
perl-5.8.5-24.RHEL4.i386.rpm                41acc2458d49e5993f2166e4e3011158
perl-suidperl-5.8.5-24.RHEL4.i386.rpm       fc333a6a5b0823ae264ccc0034d16d3b

IA-64:
perl-5.8.5-24.RHEL4.ia64.rpm                bce950fab06eac39fabf74060746e50a
perl-suidperl-5.8.5-24.RHEL4.ia64.rpm       70ab2ffbeac438218a37f295dac5308e

x86_64:
perl-5.8.5-24.RHEL4.x86_64.rpm              21b444319af3893c7dfc522fd81b8a3f
perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm     20880d1430449d763eb54688e2ab6f24

Bugs fixed (see bugzilla for more information)

170088 - bits/resource.ph has syntax errors
171111 - (libperl) could not run system-config-printer
172327 - getgrnam() crashes with "Out of memory" if /etc/group contains long
         lines
174683 - CVE-2005-3962 Perl integer overflow issue
175104 - MakeMaker::MM_Unix doesn't honor LD_RUN_PATH requirements
175129 - missing C standard headers

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

Copyright © 2002-05 Red Hat, Inc. All rights reserved.
[***** End RHSA-2005:880-8 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report incidents.
Your agency's team will coordinate with CIAC. The Forum of Incident Response
and Security Teams (FIRST) is a world-wide organization. A list of FIRST
member organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government.
Neither the United States Government nor the University of California nor
any of their employees, makes any warranty, express or implied, or assumes
any legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process disclosed, or
represents that its use would not infringe privately owned rights. Reference
herein to any specific commercial products, process, or service by trade
name, trademark, manufacturer, or otherwise, does not necessarily constitute
or imply its endorsement, recommendation or favoring by the United States
Government or the University of California. The views and opinions of authors
expressed herein do not necessarily state or reflect those of the United
States Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-071: HP-UX Running IPSec Remote Unauthorized Access
Q-072: Sun Update Connection Web Proxy Password Disclosure Vulnerability
Q-073: IBM Tivoli Directory Server Vulnerability
Q-074: Cumulative Security Update for Internet Explorer
Q-075: Vulnerability in Windows Kernel
Q-076: Sober.X (Y) To Download New Code On or After Jan. 6
Q-077: Citrix Vulnerability in Program Neighborhood Client
Q-078: cURL Security Update
Q-079: HP-UX Running Software Distributor Remote Unauthorized Access
Q-081: netpbm Security Update