Great Circle Associates Majordomo-Users
(June 1996)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Just an FYI on perl
From: jkrage @ scientech . com (Joshua Krage)
Date: Thu, 27 Jun 96 16:41:28 -0500
To: majordomo-users @ GreatCircle . COM
In-reply-to: (Your message of Thu, 27 Jun 96 13:41:34 CST.)

> For those who might not know, CERT has just issued an advisory on Perl 4.x
> through 5.002. I hesitated to post this to this list, but since Majordomo is
> based on Perl, it pretty much effectively touches everyone here. Anyway..

The advisory covers a specific portion of Perl, and doesn't imply any
flaws in the Perl package as a whole.  The advisory covers systems
which have installed the suidperl or sperl programs.  Also systems
which implement saved set-user-ID or saved set-group-ID.  If your
version of Perl wasn't compiled to support these, then you probably
don't currently have a problem.

Its probably still a good idea to upgrade to 5.003 to avoid problems.
Especially if you're running 5.0000 through 5.001.

If you need more information, the file

contains pointers to all of CERT's public information on the topic.
The file also has information on retrieving the latest version of

Majordomo itself, as distributed, doesn't use the vulnerable portions
of Perl.  It has the wrapper to handle the critical system calls.

----------------------------------------------------------------------------                                            Joshua Krage
Network Administrator          SCIENTECH, Inc.                (301) 468-6425

Indexed By Date Previous: Re: Just an FYI on perl
From: Richard Pieri <>
Next: approve message
Indexed By Thread Previous: Re: Just an FYI on perl
From: Jim Jagielski <>
Next: approve message

Search Internet Search