USN-94-1: Perl vulnerability

9 March 2005

perl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Paul Szabo discovered another vulnerability in the rmtree() function in File::Path.pm. While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
perl-modules

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References