Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 034-1 (ePerl)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update to ePerl announced via advisory DSA 034-1.

Insight

Insight

Fumitoshi Ukai and Denis Barbier have found several potential buffer overflow bugs in our version of ePerl as distributed in all of our distributions. When eperl is installed setuid root, it can switch to the UID/GID of the scripts owner. Although Debian doesn't ship the program setuid root, this is a useful feature which people may have activated locally. When the program is used as /usr/lib/cgi-bin/nph-eperl the bugs could lead into a remote vulnerability as well. Version 2.2.14-0.7potato2 fixes this. We recommend you upgrade your eperl package immediately.

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20034-1

Common Vulnerabilities and Exposures (CVE)