CVE-2005-4278 - OpenCVE

Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Larry Wall	Perl

Configuration 1 [-]

OR	cpe:2.3:a:larry_wall:perl::::::::
	cpe:2.3:a:larry_wall:perl:5.3:::::::*
	cpe:2.3:a:larry_wall:perl:5.4:::::::*
	cpe:2.3:a:larry_wall:perl:5.4.5:::::::*
	cpe:2.3:a:larry_wall:perl:5.5:::::::*
	cpe:2.3:a:larry_wall:perl:5.5.3:::::::*
	cpe:2.3:a:larry_wall:perl:5.6.1:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.0:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.1:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.3:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.4:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.4.1:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.4.2:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.4.2.3:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.4.3:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.4.4:::::::*
	cpe:2.3:a:larry_wall:perl:5.8.4.5:::::::*

References

Link	Resource
http://secunia.com/advisories/17232	Vendor Advisory
http://secunia.com/advisories/55314
http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml	Patch
http://www.osvdb.org/20086
http://www.securityfocus.com/bid/15120	Patch
http://www.vupen.com/english/advisories/2005/2119

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-16T11:00:00

Updated: 2009-02-26T10:00:00

Reserved: 2005-12-16T00:00:00

Link: CVE-2005-4278

JSON object: View

NVD Information

Status : Modified

Published: 2005-12-16T11:03:00.000

Modified: 2013-10-24T01:56:09.593

Link: CVE-2005-4278

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2005-2119", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2119"}, {"name": "GLSA-200510-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"}, {"name": "55314", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55314"}, {"name": "17232", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17232"}, {"name": "20086", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20086"}, {"name": "15120", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15120"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4278", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2005-2119", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2119"}, {"name": "GLSA-200510-14", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"}, {"name": "55314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55314"}, {"name": "17232", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17232"}, {"name": "20086", "refsource": "OSVDB", "url": "http://www.osvdb.org/20086"}, {"name": "15120", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15120"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4278", "datePublished": "2005-12-16T11:00:00", "dateReserved": "2005-12-16T00:00:00", "dateUpdated": "2009-02-26T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:larry_wall:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB5869CF-E0BD-4091-B7AA-7722F39EAF0D", "versionEndIncluding": "5.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "C6D64BFC-E974-460C-A635-7319676049A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "8FBFF691-770C-4181-BB40-14BD1B90F705", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C7EF5BB8-FFEA-4927-A289-3C9A7ADEC6BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "AB034FE1-9575-45B4-9E8F-1B068E3ED1CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D6D7F3D2-FE93-4F2F-B8FB-F2A7869502FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7530A863-0FFF-4332-8E6F-4329AB4DE5FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D30E072-9E6A-49B4-A5C7-63A328598A68", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "434F0580-985F-42AF-BA10-FAB7E2C23ED0", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "18B179E0-C843-46C9-AAD2-78E998175E41", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD5E5A51-ED4C-4927-8C4D-502E79391E19", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "171C82CB-2E92-4D41-B1B1-DCFE929E8270", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "25633253-D9DE-41F0-A787-D0E8B2B3B9F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "AEDF9611-E4E2-4059-B45E-D3A61AC9DB47", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "49A9D197-D889-4BE4-BE7A-2EE9536A7498", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0A4538C-3870-431E-A225-D8523D77A4E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:larry_wall:perl:5.8.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C8233B3A-E09D-425B-B1A1-65CD170FD384", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH."}], "id": "CVE-2005-4278", "lastModified": "2013-10-24T01:56:09.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-16T11:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17232"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/55314"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20086"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/15120"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2119"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}