Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.
 
PerlMonks  

Perl "PERLIO_DEBUG" Privilege Escalation Vulnerabilities

by BioGeek (Hermit)
on Feb 04, 2005 at 18:56 UTC ( [id://428159]=perlnews: print w/replies, xml ) Need Help??

Description:
Kevin Finisterre has reported two vulnerabilities in Perl, which can be exploited by malicious, local users to gain escalated privileges.

1) An error in the handling of debug message output in setuid root perl scripts can be exploited to output debug messages to arbitrary files by manipulating the "PERLIO_DEBUG" environment variable.

2) A boundary error in the handling of the "PERLIO_DEBUG" environment variable can be exploited to cause a buffer overflow and execute arbitrary code with root privileges by calling a setuid root perl script with a specially crafted, overly long "PERLIO_DEBUG" environment variable.

Solution:
Only grant trusted users access to affected systems.

Provided and/or discovered by:
Kevin Finisterre

Original Advisory:
http://www.ubuntulinux.org/support/documentation/usn/usn-72-1
and http://secunia.com/advisories/14120/.
  • Comment on Perl "PERLIO_DEBUG" Privilege Escalation Vulnerabilities

Replies are listed 'Best First'.
Re: Perl "PERLIO_DEBUG" Privilege Escalation Vulnerabilities
by dragonchild (Archbishop) on Feb 04, 2005 at 19:08 UTC
    Solution:
    Only grant trusted users access to affected systems.

    There's another one - don't use setuid root perl scripts. They are the Unix equivalent of the Trusted Zone in Win32, with the same inherent structural issues.

    Being right, does not endow the right to be rude; politeness costs nothing.
    Being unknowing, is not the same as being stupid.
    Expressing a contrary opinion, whether to the individual or the group, is more often a sign of deeper thought than of cantankerous belligerence.
    Do not mistake your goals as the only goals; your opinion as the only opinion; your confidence as correctness. Saying you know better is not the same as explaining you know better.

[reply]

Back to Perl News

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlnews [id://428159]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others sharing their wisdom with the Monastery: (6)
As of 2024-04-18 13:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found