Debian Security Advisory DSA 696-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
March 22nd, 2005                        http://www.debian.org/security/faq

Package : perl
Vulnerability : design flaw
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0448
Debian Bug : 286905 286922

Paul Szabo discovered another vulnerability in the File::Path::rmtree
function of perl, the popular scripting language. When a process is
deleting a directory tree, a different user could exploit a race
condition to create setuid binaries in this directory tree, provided
that he already had write permissions in any subdirectory of that
tree.

For the stable distribution (woody) this problem has been fixed in
version 5.6.1-8.9.

For the unstable distribution (sid) this problem has been fixed in
version 5.8.4-8.

We recommend that you upgrade your perl packages.
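
The following audit is an added example, not part of the original advisory or of the perl package: it walks a directory tree and reports the precondition named above (subdirectories writable by other users) and the outcome named above (setuid or setgid files). The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root):
    """Return (writable_dirs, setid_files) under root, symlinks not followed."""
    writable_dirs, setid_files = [], []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        # Advisory precondition: another user can write inside the tree.
        if os.lstat(dirpath).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            writable_dirs.append(os.path.relpath(dirpath, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            # Advisory outcome: setuid (or setgid) regular files in the tree.
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                setid_files.append(os.path.relpath(path, root))
    return sorted(writable_dirs), sorted(setid_files)


def build_sample_tree():
    """Constructed sample: one world-writable subdirectory holding a setuid file."""
    root = tempfile.mkdtemp(prefix="dsa696-sample-")
    shared = os.path.join(root, "cache", "shared")
    private = os.path.join(root, "private")
    os.makedirs(shared)
    os.makedirs(private)
    # Set modes explicitly so the result does not depend on the umask.
    for path, mode in ((root, 0o755), (os.path.join(root, "cache"), 0o755),
                       (private, 0o700), (shared, 0o777)):
        os.chmod(path, mode)
    helper = os.path.join(shared, "helper")
    open(helper, "wb").close()
    os.chmod(helper, 0o4755)
    return root


if __name__ == "__main__":
    dirs, files = audit_tree(build_sample_tree())
    print("writable by group/other:", dirs)
    print("setuid/setgid files:", files)
```

The audit is a point-in-time snapshot and does not close the race; the fixed perl packages listed above do.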