Privilege Escalation Vulnerability in SUID Perl
CVE-2000-0703

Currently unrated

Key Information:

Vendor: Larry Wall
Status: Perl
Vendor: CVE Published:; 20 October 2000

What is CVE-2000-0703?

The SUID Perl (sperl) scripting language is susceptible to a vulnerability that allows local users to escalate their privileges. This occurs due to improper handling of escape sequences, specifically '~!', before executing the /bin/mail command to send error reports. By manipulating the 'interactive' environmental variable and providing a filename with the escape sequence, malicious users can execute arbitrary code with elevated privileges. It is crucial for administrators to review their use of SUID Perl and apply necessary patches or restrict access to mitigate the risks associated with this vulnerability.

References

http://www.turbolinux.com/pipermail/tl-security-announce/...

vendor-advisoryx_refsource_TURBO

http://www.securityfocus.com/bid/1547

vdb-entryx_refsource_BID

http://www.redhat.com/support/errata/RHSA-2000-048.html

vendor-advisoryx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2000
Vulnerability Reserved
Sep 19, 2000

Larry Wall

What is CVE-2000-0703?

References

Timeline