[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Buffer Overflow in ActivePerl ?

To: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Re: Buffer Overflow in ActivePerl ?
From: Curt Sampson <cjs@xxxxxxxxx>
Date: Wed, 19 May 2004 17:20:16 +0900 (JST)

On Wed, 19 May 2004, Nick FitzGerald wrote:

> However, there is not likely to be a privilege escalation here unless
> perhaps a script processor on a web server can be cajoled into doing
> something with this?

Not terribly likely; system() in perl forks a new process, potentially
executing a command interpreter:

    ... If there is only one scalar argument, the argument is checked
    for shell metacharacters, and if there are any, the entire argument
    is passed to the system's command shell for parsing...

If you can cajole a web server into passing fairly arbitrary information
into the system() function, you probably own the machine even without
this overflow.

cjs
-- 
Curt Sampson  <cjs@xxxxxxxxx>   +81 90 7737 2974   http://www.NetBSD.org
    Don't you know, in this new Dark Age, we're all light.  --XTC

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Re: Buffer Overflow in ActivePerl ?
  - From: Nick FitzGerald

Prev by Date: [Full-Disclosure] [SECURITY] [DSA 505-1] New cvs packages fix remote exploit
Next by Date: [Full-Disclosure] FreeBSD Security Advisory FreeBSD-SA-04:10.cvs
Previous by thread: Re: [Full-Disclosure] Re: Buffer Overflow in ActivePerl ?
Next by thread: Re: [Full-Disclosure] Buffer Overflow in ActivePerl ?
Index(es):
- Date
- Thread