Vulnerability CVE-2005-0077

Vulnerability Name:

CVE-2005-0077 (CCN-19068)

Assigned:

2005-01-25

Published:

2005-01-25

Updated:

2018-10-19

Summary:

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2005-0077

Source: CCN
Type: Phil Jones, July 00
How to install the Perl module DBI on Linux

Source: BUGTRAQ
Type: UNKNOWN
20050125 [USN-70-1] Perl DBI module vulnerability

Source: CCN
Type: RHSA-2005-069
perl security update

Source: CCN
Type: RHSA-2005-072
perl-DBI security update

Source: CCN
Type: SA14015
Perl DBI ProxyServer.pm Insecure Temporary File Creation

Source: SECUNIA
Type: UNKNOWN
14015

Source: SECUNIA
Type: UNKNOWN
14050

Source: CCN
Type: SECTRACK ID: 1013007
Perl DBI::ProxyServer Unsafe Temporary Files May Let Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1013007

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-658

Source: DEBIAN
Type: DSA-658
libdbi-perl -- insecure temporary file

Source: CCN
Type: GLSA-200501-38
Perl: rmtree and DBI tmpfile vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200501-38

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:030

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:072

Source: FEDORA
Type: UNKNOWN
FLSA-2006:178989

Source: BID
Type: UNKNOWN
12360

Source: CCN
Type: BID-12360
Libdbi-perl Unspecified Insecure Temporary File Creation Vulnerability

Source: CCN
Type: USN-70-1
libdbi-perl vulnerabilities

Source: XF
Type: UNKNOWN
dbi-library-file-overwrite(19068)

Source: XF
Type: UNKNOWN
dbi-library-file-overwrite(19068)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10552

Source: SUSE
Type: SUSE-SR:2005:004
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/o:debian:debian_linux:3.0:*:woody:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:larry_wall:perl:5.3:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050077	V	CVE-2005-0077	2015-11-16
oval:org.mitre.oval:def:10552	V	arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.	2013-04-29
oval:com.redhat.rhsa:def:20050072	P	RHSA-2005:072: perl-DBI security update (Low)	2005-02-15
oval:com.redhat.rhsa:def:20050069	P	RHSA-2005:069: perl security update (Low)	2005-02-01
oval:org.debian:def:658	V	insecure temporary file	2005-01-25

BACK