> For those who might not know, CERT has just issued an advisory on Perl 4.x
> through 5.002. I hesitated to post this to this list, but since Majordomo is
> based on Perl, it pretty much effectively touches everyone here. Anyway..

The advisory covers a specific portion of Perl, and doesn't imply any
flaws in the Perl package as a whole. The advisory covers systems
which have installed the suidperl or sperl programs. Also systems
which implement saved set-user-ID or saved set-group-ID. If your
version of Perl wasn't compiled to support these, then you probably
don't currently have a problem.

It's probably still a good idea to upgrade to 5.003 to avoid problems.
Especially if you're running 5.0000 through 5.001.

If you need more information, the file
ftp://info.cert.org/pub/cert_advisories/CA-96.12.README
contains pointers to all of CERT's public information on the topic.
The file also has information on retrieving the latest version of
Perl.

Majordomo itself, as distributed, doesn't use the vulnerable portions
of Perl. It has the wrapper to handle the critical system calls.

----------------------------------------------------------------------------
jkrage@scientech.com Joshua Krage
Network Administrator SCIENTECH, Inc. (301) 468-6425