vendor:
suidperl
by:
Aleph One
7.2
CVSS
HIGH
Buffer Overflow
120 (Buffer Copy without Checking Size of Input)
CWE
Product Name: suidperl
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2001
Buffer Overflow in suidperl
Several buffer overflows were found in the Perl helper application 'suidperl' or 'sperl'. When this program is installed setuid root the overflows may lead to a local root compromise. An exploit code is provided which uses a standard shellcode by Aleph One and trial and error loop to find the magic address.
Mitigation:
Ensure that the suidperl application is not installed setuid root and that all patches are up to date.