All Platforms : Users' Perl scripts failing on limited Red Hat Enterprise Linux systems (IM-11912)
Incident Report for Qualys, Inc.
Resolved
This incident has been resolved.
Qualys has released a public knowledge base (KB) article [ https://success.qualys.com/support/s/article/000007702 ] addressing this issue. The article includes an executive summary, root cause analysis, corrective actions taken by Qualys, preventive countermeasures, guidance on how customers can identify and resolve the issue, FAQs, and information on strengthening continuous safety measures.
Posted Jan 28, 2025 - 23:43 PST
Monitoring
Qualys Cloud Platform Operations has found and fixed a problem that caused users' Perl scripts to fail after running Vulnerability Management (VM) scans with the VULNSIGS-VM-2.6.245.2-2 manifest version on certain Red Hat Enterprise Linux (RHEL) and RPM-based Systems using Qualys Cloud Agents. Qualys Cloud Agent is fully functional and has no impact on its workflow.
There is no requirement to uninstall OR Reinstall Qualys Cloud Agent.

When "cpan -l" is invoked for the first time on an asset, it can create subdirectories such as /usr/local/share/perl5, /usr/local/lib/perl5, and /usr/local/lib64/perl5, which are standard directories used by CPAN. This problem primarily affected Red Hat Enterprise Linux systems but did not occur on all RHEL machines; the reason for this inconsistency is currently under investigation by Qualys in collaboration with CPAN. The directories were created with root ownership, preventing the successful execution of Perl scripts run with non-root privileges.

The Qualys research team has removed the problematic command and released a new manifest version VULNSIGS-VM-2.6.245.3-3.
To determine if you were affected:

1. Check for the existence of these directories:
[ -d /usr/local/lib64/perl5 ] && ls -ld /usr/local/lib64/perl5
[ -d /usr/local/share/perl5 ] && ls -ld /usr/local/share/perl5

2. If found, verify their permissions:
stat -c "%a %n" /usr/local/lib64/perl5 /usr/local/share/perl5

3. If permissions are set to 600, change them to 755 to allow access for non-root users:
chmod 755 /usr/local/lib64/perl5 /usr/local/share/perl5

If you have any affected assets, please follow the above steps OR Qualys Technical Support Team can assist in sharing and executing the script for the above step.
Posted Jan 28, 2025 - 23:33 PST
This incident affected: IN Platform 1 (Cloud Agent (CA)), US Platform 1 (Cloud Agent (CA)), US Platform 2 (Cloud Agent (CA)), EU Platform 1 (Cloud Agent (CA)), US Platform 3 (Cloud Agent (CA)), EU Platform 2 (Cloud Agent (CA)), CA Platform 1 (Cloud Agent (CA)), US Platform 4 (Cloud Agent (CA)), AE Platform 1 (Cloud Agent (CA)), AU Platform 1 (Cloud Agent (CA)), KSA Platform 1 (Cloud Agent (CA)), EU Platform 3 (Cloud Agent (CA)), and UK Platform 1 (Cloud Agent (CA)).