CAN-2005-0077
From: Peter J. Holzer (hjp_at_wsr.ac.at)
Date: 01/28/05
Date: Fri, 28 Jan 2005 16:26:52 +0100
To: dbi-users@perl.org
I just read a Debian advisory about CAN-2005-0077, claiming "Javier
Fernández-Sanguino Peña from the Debian Security Audit Project
discovered that the DBI library, the Perl5 database interface, creates
a temporary PID file in an insecure manner. This can be exploited by a
malicious user to overwrite arbitrary files owned by the person
executing the parts of the library."
I haven't seen this discussed on this list yet. Will this be fixed in
DBI 1.47, and if so, when can we expect that release?
hp
--
   _  | Peter J. Holzer     | If the code is old but the problem is new
|_|_) | Sysadmin WSR / LUGA | then the code probably isn't the problem.
| |   | hjp@wsr.ac.at       |
__/   | http://www.hjp.at/  |     -- Tim Bunce on dbi-users, 2004-11-05
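The flaw class named in the quoted advisory, a temporary PID file created in an insecure manner, is avoided by creating the file exclusively so that nothing already present at the path is ever opened. The following Perl is an added example, not part of the original message and not DBI's code; `write_pidfile`, the file names and the scratch directory are hypothetical.

```perl
#!/usr/bin/perl
# Added example (not DBI code): create a PID file without following or
# truncating anything that already exists at the chosen path.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Hypothetical helper. Returns 1 on success, 0 if the path already exists.
sub write_pidfile {
    my ($path) = @_;
    # O_EXCL with O_CREAT fails with EEXIST if anything is at $path,
    # including a symlink (dangling or not), so no existing file is opened.
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0644)
        or return 0;
    print {$fh} "$$\n" or die "write $path: $!";
    close($fh) or die "close $path: $!";
    return 1;
}

# Constructed scenario in a private scratch directory.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/important.conf";
my $pid    = "$dir/daemon.pid";

open(my $v, '>', $victim) or die "open: $!";
print {$v} "keep me\n";
close($v);

# Someone pre-created the PID path as a link to another file.
symlink($victim, $pid) or die "symlink: $!";

# The plain form, open(my $fh, '>', $pid), would follow the link and
# truncate $victim. The exclusive create refuses instead.
my $ok = write_pidfile($pid);
print "pre-existing path: ", ($ok ? "written" : "refused"), "\n";

open($v, '<', $victim) or die "open: $!";
my $content = <$v>;
close($v);
print "victim intact: ", ($content eq "keep me\n" ? "yes" : "no"), "\n";

# With the path free, the same call succeeds.
unlink($pid) or die "unlink: $!";
print "fresh path: ", (write_pidfile($pid) ? "written" : "refused"), "\n";
```

A daemon that finds the path already taken should report the failure and exit rather than unlink and retry, since the unlink-then-create sequence reopens the same race.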