[1509] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-alert] SECURITY: vulnerability in sperl

daemon@ATHENA.MIT.EDU (Erik Troan)
Fri Apr 18 12:17:18 1997

Resent-From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
Resent-To: linux-security@redhat.com, linux-alert@redhat.com
Delivered-To: security-announce@redhat.com
From: Erik Troan <ewt@redhat.com>
To: redhat-announce-list@redhat.com
Date: Fri, 18 Apr 1997 10:15:02 -0400 (EDT)
Reply-To: linux-alert@redhat.com


Red Hat Software has been notified of a critical security problem (a buffer
overrun) in /usr/bin/sperl*. As no official fix for this problem exists,
we recommend turning off the setuid bit on /usr/bin/sperl*. As far as
we know, this problem affects all platforms and all versions.

As soon as a fix is available we will release a new version of the perl
package and announce it here. If no fix seems forthcoming, we will issue
a new package w/o the setuid bit enabled on /usr/sbin/sperl.

You can disable the exploits for this bug with the following command:

	chmod u-s /usr/bin/sperl*

Erik

-------------------------------------------------------------------------------
|       I told you I'm not very bright -- Sugar in "Some Like It Hot"         |
|                                                                             |
|       Erik Troan   =   ewt@redhat.com     =    ewt@sunsite.unc.edu          |


home help back first fref pref prev next nref lref last post