https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344873#M344055 Hi:<BR /><BR />A more update (secure) version is available from CPAN:<BR /><BR /><A href="http://search.cpan.org/~dland/File-Path-2.07/Path.pm" target="_blank">http://search.cpan.org/~dland/File-Path-2.07/Path.pm</A><BR /><BR />See the notes in the Security Considerations section.<BR /><BR />Regards!<BR /><BR />...JRF...<BR /><BR /> Mon, 26 Jan 2009 17:41:20 GMT James R. Ferguson 2009-01-26T17:41:20Z https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344871#M344053 I am researching a security vulnerability found in HP-UX’s Perl. I’ve looked all over HP’s site and cannot find an update or even an acknowledgment of this issue. Any ideas?<BR /><BR />Here’s more info:<BR /><BR /><A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5303" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5303</A><BR /><BR />Thanks. Mon, 26 Jan 2009 17:18:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344871#M344053 moonchild 2009-01-26T17:18:35Z https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344872#M344054 Hi,<BR /><BR />Is this releated to HP-UX Perl ?? Mon, 26 Jan 2009 17:40:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344872#M344054 Avinash20 2009-01-26T17:40:36Z https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344873#M344055 Hi:<BR /><BR />A more update (secure) version is available from CPAN:<BR /><BR /><A href="http://search.cpan.org/~dland/File-Path-2.07/Path.pm" target="_blank">http://search.cpan.org/~dland/File-Path-2.07/Path.pm</A><BR /><BR />See the notes in the Security Considerations section.<BR /><BR />Regards!<BR /><BR />...JRF...<BR /><BR /> Mon, 26 Jan 2009 17:41:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344873#M344055 James R. Ferguson 2009-01-26T17:41:20Z https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344874#M344056 <A href="http://securitytracker.com/alerts/2005/Jun/1014213.html" target="_blank">http://securitytracker.com/alerts/2005/Jun/1014213.html</A> Mon, 26 Jan 2009 17:50:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344874#M344056 Avinash20 2009-01-26T17:50:19Z https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344875#M344057 Yes this is related to HPUX's PERL<BR /><BR /> Mon, 26 Jan 2009 18:09:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344875#M344057 moonchild 2009-01-26T18:09:47Z https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344876#M344058 Hi (again):<BR /><BR />As I suggested, you can download a newer version of the module from CPAN and install that.<BR /><BR />Regards!<BR /><BR />...JRF... Mon, 26 Jan 2009 18:15:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344876#M344058 James R. Ferguson 2009-01-26T18:15:37Z https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344877#M344059 but this a different one:<BR /><BR />Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. <BR /><BR />and am looking to see if HP has new patched perl version? Mon, 26 Jan 2009 20:02:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344877#M344059 moonchild 2009-01-26T20:02:27Z https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344878#M344060 Hi (again):<BR /><BR />&gt; and am looking to see if HP has new patched perl version?<BR /><BR />It isn't HP that is going to patch this. This is a Perl community "issue" and would probably be addressed by the module's maintainer. You can query:<BR /><BR /><A href="http://rt.cpan.org/Public/Dist/Display.html?Name=File-Path" target="_blank">http://rt.cpan.org/Public/Dist/Display.html?Name=File-Path</A><BR /><BR />Regards!<BR /><BR />...JRF... Mon, 26 Jan 2009 21:21:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/perl-security-vulnerability/m-p/4344878#M344060 James R. Ferguson 2009-01-26T21:21:04Z