USN-70-1: Perl DBI module vulnerability

26 January 2005

Perl DBI module vulnerability



Javier Fernández-Sanguino Peña from the Debian Security Audit Project
discovered that the module DBI::ProxyServer in Perl's DBI library
created a PID file in an insecure manner. This could allow a symbolic
link attack to create or overwrite arbitrary files with the privileges
of the user invoking a program using this module (like 'dbiproxy').

Now the module does not create a such a PID file by default.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
  • libdbi-perl -

In general, a standard system update will make all the necessary changes.