Buffer Overflow Vulnerability in ActiveState Perl and Perl for cygwin - exploit.company
Vendor: ActiveState Perl and Perl for cygwin
By: Not provided
CVSS: 7.5 (HIGH)
Buffer Overflow
CWE: 119
Product Name: ActiveState Perl and Perl for cygwin
Affected Version From: Not provided
Affected Version To: Not provided
Patch Exists: Not provided
Related CWE: Not provided
CPE: Not provided
Metasploit:
Other Scripts:
Platforms Tested: Not provided
Not provided

Buffer Overflow Vulnerability in ActiveState Perl and Perl for cygwin

A buffer overflow vulnerability exists in ActiveState Perl and Perl for cygwin due to a lack of sufficient bounds checking on data passed to the Perl system() function call. This vulnerability allows an attacker to manipulate the execution flow of a vulnerable Perl script and execute arbitrary code. The arbitrary code execution occurs within the context of the user running the malicious Perl script.

Mitigation:

Apply the necessary updates or patches provided by the vendor to address the buffer overflow vulnerability. Avoid running untrusted Perl scripts.
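
For scripts that must keep running on an interpreter that has not been updated yet, the following added example (not code from the advisory or from either Perl distribution) shows a wrapper that refuses over-long data before it reaches system(). The name guarded_system and the 128-byte limit are assumptions; the advisory does not state the real buffer size.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed policy limit, not a buffer size taken from the advisory: it is
# only chosen to sit well below the 256-byte string in the proof of concept.
use constant MAX_CMD_BYTES => 128;

# Hypothetical helper: check the data first, then call the real system().
# Returns system()'s status, or -1 without spawning anything on rejection.
sub guarded_system {
    my @args = @_;
    if (!@args) {
        warn "guarded_system: empty command rejected\n";
        return -1;
    }
    my $total = 0;
    for my $arg (@args) {
        if (!defined $arg || $arg =~ /\0/) {
            warn "guarded_system: undefined or NUL-containing argument rejected\n";
            return -1;
        }
        # Count bytes, not characters, so wide characters cannot slip past.
        $total += do { use bytes; length($arg) };
    }
    if ($total > MAX_CMD_BYTES) {
        warn sprintf("guarded_system: %d bytes exceeds limit of %d, rejected\n",
                     $total, MAX_CMD_BYTES);
        return -1;
    }
    return CORE::system(@args);
}

# Constructed inputs: a short command, and a string the length of the PoC's.
my $short = guarded_system($^X, '-e', 'exit 0');
my $long  = guarded_system('A' x 256);
print "short command -> $short\n";
print "256-byte command -> $long\n";
```

The wrapper only covers calls routed through it and does not replace the vendor fix.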
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10375/info

ActiveState Perl and Perl for cygwin are both reported to be prone to a buffer overflow vulnerability. 

The issue is reported to exist due to a lack of sufficient bounds checking that is performed on data that is passed to a Perl system() function call. This vulnerability may permit an attacker to influence execution flow of a vulnerable Perl script to ultimately execute arbitrary code. Arbitrary code execution will occur in the context of the user who is running the malicious Perl script.

perl -e "$a="A" x 256; system($a)"