bin/57315: security hole in 4.x base system's perl

IIJIMA Hiromitsu delmonta at
Sun Sep 28 07:20:08 PDT 2003

>Number:         57315
>Category:       bin
>Synopsis: security hole in 4.x base system's perl
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 28 07:20:05 PDT 2003
>Originator:     IIJIMA Hiromitsu
>Release:        FreeBSD 4.7-RELEASE-p3 i386
System: FreeBSD 4.7-RELEASE-p3 FreeBSD 4.7-RELEASE-p3 #0: Wed Jan 22 14:50:19 JST 2003 root at i386

Userland is upgraded to -p16, while the kernel is still -p3.

>Description: Perl 5.005_03 in the FreeBSD 4.x base system has a security hole
	labelled as CAN-2002-1323.

	For more information, see the websites at:

	[NOTE] ports/lang/perl5 (perl 5.6.1) and ports/lang/perl5.8 (perl 5.8.0)
	are not affected, since they have files/ in the ports.

	ports/japanese/perl5 (perl 5.005_03 plus Japanese patch) is affected
	just like the 4.x base system's one, so I'll send another PR.

	Try the exploit code at the Google Groups archive.

	Apply ports/lang/perl5/ to base system's perl.
	It applies to perl 5.005_03 with no problem.

	ports/lang/perl5.8/ does not apply to perl 5.005_03,
	since it is an upgrade from 2.07 to 2.09 while perl 5.005_03
	has 2.06.
