Debian Security Advisory DSA 658-1 (libdbi-perl) Network Vulnerability

Summary

The remote host is missing an update to libdbi-perl announced via advisory DSA 658-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20658-1

Insight

Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a tmporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library. For the stable distribution (woody) this problem has been fixed in version 1.21-2woody2. For the unstable distribution (sid) this problem has been fixed in version 1.46-6. We recommend that you upgrade your libdbi-perl package.

Severity

Classification

CVE CVE-2005-0077
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 022-1 (exmh)
Debian Security Advisory DSA 2840-1 (srtp - buffer overflow)
Debian Security Advisory DSA 2147-1 (pimd)
Debian Security Advisory DSA 015-1 (sash)
Debian Security Advisory DSA 1068-1 (fbi)

Take action and discover your vulnerabilities