suidperl contains a flaw that may allow a local malicious user to gain access to unauthorized privileges. The issue is triggered when a user mounts media with files with a UID other than their own. The user can then run arbitrary scripts as that user (possibly root). Depending on the chosen script, this flaw may lead to a loss of confidentiality, integrity and/or availability.

Upgrade to version 5.004_03 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Do not let untrusted users mount media. A Patch for the vulnerable versions (4.x and 5.x) was also released.

• CVE ID: 1999-0462 (see also: NVD)
• Bugtraq ID: 339
• ISS X-Force ID: 3544
• CERT: CA-1997-17
• Vendor Specific Advisory URL: ftp://ftp.caldera.com/pub/security/OpenLinux/SA-1997.26.txt
• CIAC Advisory: h-66a
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_1/0185.html
• Vendor URL: http://www.perl.org/

Unknown or Incomplete