FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p5-DBI -- insecure temporary file creation vulnerability

Affected packages
0 <= p5-DBI-137
p5-DBI < 1.37_1
1.38 <= p5-DBI < 1.48

Details

VuXML ID 8cfb6f42-d2b0-11da-a672-000e0c2e438a
Discovery 2005-01-25
Entry 2006-04-23
Modified 2006-05-11

Javier Fernández-Sanguino Peña reports:

The DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.

[source]

References

Bugtraq ID 12360
CVE Name CAN-2005-0077
URL http://www.debian.org/security/2005/dsa-658

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.