Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0703

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2000-0703
Last Modified 10 Sep 2008 03:05:39
Published 20 Oct 2000 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0703

Summary

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

Vulnerable Systems

Application

  • Larry Wall Perl 5.4.5

  • Larry Wall Perl 5.5

  • Larry Wall Perl 5.5.3

  • Larry Wall Perl 5.6


References

BID - 1547

CALDERA - CSSA-2000-026.0

BUGTRAQ - 20000805 sperl 5.00503 (and newer ;) exploit

TURBO - TLSA2000018-1

REDHAT - RHSA-2000:048

SUSE - 20000810 Security Hole in perl, all versions

BUGTRAQ - 20000814 Trustix Security Advisory - perl and mailx

BUGTRAQ - 20000810 Conectiva Linux security announcemente - PERL

BUGTRAQ - 20000808 MDKSA-2000:031 perl update


Last Updated: 27 May 2016 10:35:50