
Perl Security Vulnerability

 
moonchild
Regular Advisor

Perl Security Vulnerability

I am researching a security vulnerability found in HP-UX’s Perl. I’ve looked all over HP’s site and cannot find an update or even an acknowledgment of this issue. Any ideas?

Here’s more info:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5303

Thanks.
Avinash20
Honored Contributor

Re: Perl Security Vulnerability

Hi,

Is this related to HP-UX Perl?
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
James R. Ferguson
Acclaimed Contributor
Solution

Re: Perl Security Vulnerability

Hi:

A more up-to-date (secure) version is available from CPAN:

http://search.cpan.org/~dland/File-Path-2.07/Path.pm

See the notes in the Security Considerations section.

Regards!

...JRF...

Avinash20
Honored Contributor

Re: Perl Security Vulnerability

http://securitytracker.com/alerts/2005/Jun/1014213.html
"Light travels faster than sound. That's why some people appear bright until you hear them speak."
moonchild
Regular Advisor

Re: Perl Security Vulnerability

Yes, this is related to HP-UX's Perl.

James R. Ferguson
Acclaimed Contributor

Re: Perl Security Vulnerability

Hi (again):

As I suggested, you can download a newer version of the module from CPAN and install that.

Regards!

...JRF...
moonchild
Regular Advisor

Re: Perl Security Vulnerability

But this is a different one:

Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.

and I am looking to see if HP has a new patched Perl version?
James R. Ferguson
Acclaimed Contributor

Re: Perl Security Vulnerability

Hi (again):

> and I am looking to see if HP has a new patched Perl version?

It isn't HP that is going to patch this. This is a Perl community "issue" and would probably be addressed by the module's maintainer. You can query:

http://rt.cpan.org/Public/Dist/Display.html?Name=File-Path

Regards!

...JRF...
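
A check that follows from the advice in this thread, added here as an example and not posted by any participant: after installing File::Path from CPAN, confirm which copy of `File/Path.pm` the interpreter actually loads, since an older copy elsewhere on `@INC` can still be the one in use. The 2.07 threshold is taken from the CPAN link above and is an assumption about what counts as current for this audit.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use ExtUtils::MakeMaker ();    # core module; provides MM->parse_version

# Assumption: 2.07 is the CPAN release linked in the thread above.
my $RECOMMENDED = 2.07;

# Numeric value of a version string, or undef if it cannot be parsed.
sub version_number {
    my ($v) = @_;
    return undef unless defined $v;
    $v =~ tr/_//d;                         # developer releases such as 2.07_02
    return $v =~ /^\d+(?:\.\d+)?$/ ? $v + 0 : undef;
}

# Every File/Path.pm reachable through @INC, in search order.
my (@copies, %seen);
for my $dir (grep { !ref } @INC) {         # skip code-reference @INC hooks
    my $file = File::Spec->canonpath(
        File::Spec->catfile($dir, 'File', 'Path.pm'));
    next unless -f $file;
    next if $seen{$file}++;
    push @copies, { file => $file, version => MM->parse_version($file) };
}

# The copy this interpreter uses when a script says "use File::Path".
require File::Path;
my $loaded = File::Spec->canonpath($INC{'File/Path.pm'});

my $status = 0;
for my $c (@copies) {
    my $n      = version_number($c->{version});
    my $is_old = !defined $n || $n < $RECOMMENDED;
    my $active = $c->{file} eq $loaded;
    printf "%-7s %-9s %-16s %s\n",
        ($active ? 'LOADED' : 'present'),
        (defined $c->{version} ? $c->{version} : 'unknown'),
        ($is_old ? "older than $RECOMMENDED" : 'ok'),
        $c->{file};
    $status = 1 if $active && $is_old;     # fail only on the copy in use
}
exit $status;
```

Run it with each perl binary installed on the host; a non-zero exit status means the copy that interpreter loads is older than the recommended release or its version could not be read.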