SecurityTracker.com



Category:   Application (Generic)  >   Perl
Vendors:   Wall, Larry
Perl win32_stat() Buffer Overflow May Let Users Execute Arbitrary Code
SecurityTracker Alert ID:  1009663
SecurityTracker URL:  https://securitytracker.com/id/1009663
CVE Reference:   CVE-2004-0377
Date:  Apr 5 2004
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, Root access via network, User access via local system, User access via network
Vendor Confirmed:  Yes  
Version(s): 5.8.3 and prior versions
Description:   iDEFENSE reported a buffer overflow vulnerability in the win32_stat() function in Perl, affecting Windows-based platforms. A user may be able to execute arbitrary code. The specific impact depends on the Perl script that uses the vulnerable function.

It is reported that when a specially crafted filename ending with a backslash character is passed to the function, a buffer overflow can be triggered, potentially resulting in the execution of arbitrary code.

The vendor was reportedly notified on February 25, 2004.

Greg MacManus is credited with discovering this flaw.

Impact:   A user may be able to execute arbitrary code. The specific impact depends on the Perl script that uses the vulnerable function.
Solution:   The vendor reportedly plans to include the fix in core Perl 5.8.4.
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function Buffer


[Original Message Not Available for Viewing]




Content previously copyright SecurityGlobal.net LLC placed in the public domain on December 31, 2019.