OSVDB ID: 25974
Disclosure Date: Jun 5, 2006
Description:
ActiveState ActivePerl contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the attacker creates a malicious 'sitecustomize.pl' file in the 'site/lib' directory. This flaw may lead to a loss of integrity.
Technical Description:
This issue can only be exploited on Windows operating systems.
The issue is caused by a combination of insecure use of the 'sitecustomize.pl' file and insecure default directory permissions that allow the Users group to create files in the 'site/lib' directory. This allows local attackers to execute Perl script code with the privileges of other users who run ActivePerl.
Vulnerability Classification:
* Local/Shell Access Required
* Misconfiguration Problem
* Loss Of Integrity
* Exploit Available
Products:
* ActiveState ActivePerl 5.8.8.817
Solution:
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds:
1. Create an empty sitecustomize.pl in the 'site/lib' directory.
2. Always run ActivePerl with the '-f' command line option.
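
An audit for the condition described above, as an added example that is not part of the advisory or of ActivePerl: it reports whether the Users group may create files in 'site/lib' and whether a 'sitecustomize.pl' is already present. The `$SiteLib` parameter and the output property names are assumptions; Deny entries are not evaluated, so a positive result means "review this ACL".

```powershell
param(
    [Parameter(Mandatory = $true)]
    [string]$SiteLib   # assumption: path to this host's ActivePerl site\lib directory
)

if (-not (Test-Path -LiteralPath $SiteLib -PathType Container)) {
    throw "Directory not found: $SiteLib"
}

# Well-known SID of the local Users group, the group named in the advisory.
# Matching on the SID avoids depending on the localized group name.
$usersSid = 'S-1-5-32-545'

# Access-mask bits that allow creating a file in a directory:
# CreateFiles (0x2) plus the unmapped GENERIC_WRITE and GENERIC_ALL bits.
$createBits  = 0x2 -bor 0x40000000 -bor 0x10000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

$acl   = Get-Acl -LiteralPath $SiteLib
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$risky = foreach ($rule in $rules) {
    # Inherit-only entries affect children, not the directory itself.
    $appliesToDir = ([int]$rule.PropagationFlags -band $inheritOnly) -eq 0
    $canCreate    = ([int]$rule.FileSystemRights -band $createBits) -ne 0
    if ($rule.AccessControlType -eq 'Allow' -and
        $rule.IdentityReference.Value -eq $usersSid -and
        $appliesToDir -and $canCreate) {
        $rule
    }
}

# Workaround 1 in the advisory places an empty sitecustomize.pl in site/lib.
$custom = Join-Path $SiteLib 'sitecustomize.pl'
$item   = Get-Item -LiteralPath $custom -ErrorAction SilentlyContinue

[pscustomobject]@{
    SiteLib              = $SiteLib
    UsersCanCreateFiles  = [bool]$risky
    SitecustomizeExists  = [bool]$item
    SitecustomizeIsEmpty = if ($item) { $item.Length -eq 0 } else { $null }
}
```

A non-empty 'sitecustomize.pl' that no administrator placed there is worth inspecting before anyone runs Perl on that host.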
Re: ActivePerl sitecustomize.pl Local Privilege Escalation
by shenme (Priest) on Sep 28, 2006 at 16:06 UTC
by Mr. Muskrat (Canon) on Sep 29, 2006 at 17:05 UTC