Come for the quick hacks, stay for the epiphanies. | |
PerlMonks |
Perl "PERLIO_DEBUG" Privilege Escalation Vulnerabilitiesby BioGeek (Hermit) |
on Feb 04, 2005 at 18:56 UTC ( [id://428159]=perlnews: print w/replies, xml ) | Need Help?? |
Description: Kevin Finisterre has reported two vulnerabilities in Perl, which can be exploited by malicious, local users to gain escalated privileges. 1) An error in the handling of debug message output in setuid root perl scripts can be exploited to output debug messages to arbitrary files by manipulating the "PERLIO_DEBUG" environment variable. 2) A boundary error in the handling of the "PERLIO_DEBUG" environment variable can be exploited to cause a buffer overflow and execute arbitrary code with root privileges by calling a setuid root perl script with a specially crafted, overly long "PERLIO_DEBUG" environment variable. Solution: Only grant trusted users access to affected systems. Provided and/or discovered by: Kevin Finisterre Original Advisory: http://www.ubuntulinux.org/support/documentation/usn/usn-72-1 and http://secunia.com/advisories/14120/.
Back to
Perl News
|
|