Vendor: ActiveState Perl and Perl for cygwin
By: Not provided
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: ActiveState Perl and Perl for cygwin
Affected Version From: Not provided
Affected Version To: Not provided
Patch Exists: Not provided
Related CWE: Not provided
CPE: Not provided
Platforms Tested: Not provided

Buffer Overflow Vulnerability in ActiveState Perl and Perl for cygwin

A buffer overflow vulnerability exists in ActiveState Perl and Perl for cygwin due to a lack of sufficient bounds checking on data passed to the Perl system() function call. This vulnerability allows an attacker to manipulate the execution flow of a vulnerable Perl script and execute arbitrary code. The arbitrary code execution occurs within the context of the user running the malicious Perl script.

Mitigation:

Apply the necessary updates or patches provided by the vendor to address the buffer overflow vulnerability. Avoid running untrusted Perl scripts.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10375/info

ActiveState Perl and Perl for cygwin are both reported to be prone to a buffer overflow vulnerability. 

The issue is reported to exist due to a lack of sufficient bounds checking that is performed on data that is passed to a Perl system() function call. This vulnerability may permit an attacker to influence execution flow of a vulnerable Perl script to ultimately execute arbitrary code. Arbitrary code execution will occur in the context of the user who is running the malicious Perl script.

perl -e "$a="A" x 256; system($a)"