Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0377

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0377
Last Modified 10 Sep 2008 03:26:03
Published 04 May 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0377

Summary

Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.

Vulnerable Systems

Application

  • Activestate Activeperl

  • Larry Wall Perl 5.8.3


References

CERT-VN - VU#722414

XF - perl-win32stat-bo(15732)

FULLDISC - 20040405 iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function

CONFIRM - http://public.activestate.com/cgi-bin/perlbrowse?patch=22552

MISC - http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities

BUGTRAQ - 20040405 [Full-Disclosure] iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function


Last Updated: 27 May 2016 10:38:35