Great Circle Associates Majordomo-Users
(June 1996)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Just an FYI on perl
From: jkrage @ scientech . com (Joshua Krage)
Date: Thu, 27 Jun 96 16:41:28 -0500
To: majordomo-users @ GreatCircle . COM
In-reply-to: (Your message of Thu, 27 Jun 96 13:41:34 CST.)


> For those who might not know, CERT has just issued an advisory on Perl 4.x
> through 5.002. I hesitated to post this to this list, but since Majordomo is
> based on Perl, it pretty much effectively touches everyone here. Anyway..

The advisory covers a specific portion of Perl, and doesn't imply any
flaws in the Perl package as a whole.  The advisory covers systems
which have installed the suidperl or sperl programs.  Also systems
which implement saved set-user-ID or saved set-group-ID.  If your
version of Perl wasn't compiled to support these, then you probably
don't currently have a problem.

Its probably still a good idea to upgrade to 5.003 to avoid problems.
Especially if you're running 5.0000 through 5.001.

If you need more information, the file

        ftp://info.cert.org/pub/cert_advisories/CA-96.12.README

contains pointers to all of CERT's public information on the topic.
The file also has information on retrieving the latest version of
Perl.

Majordomo itself, as distributed, doesn't use the vulnerable portions
of Perl.  It has the wrapper to handle the critical system calls.

----------------------------------------------------------------------------
jkrage@scientech.com                                            Joshua Krage
Network Administrator          SCIENTECH, Inc.                (301) 468-6425


Indexed By Date Previous: Re: Just an FYI on perl
From: Richard Pieri <ratinox@unilab.dfci.harvard.edu>
Next: approve message
From: duongc@cpmx.mail.saic.com
Indexed By Thread Previous: Re: Just an FYI on perl
From: Jim Jagielski <jim@jaguNET.com>
Next: approve message
From: duongc@cpmx.mail.saic.com

Google
 
Search Internet Search www.greatcircle.com