Buffer Overflow Vulnerability in Perl 5.8.0 Affects Local Users
CVE-2005-0156

Currently unrated

Key Information:

Vendor: Larry Wall
Status: Perl; Propack
Vendor: CVE Published:; 7 February 2005

What is CVE-2005-0156?

This vulnerability allows local users to exploit a buffer overflow in the PerlIO implementation of Perl 5.8.0 when it is installed with setuid support. By setting the PERLIO_DEBUG environment variable and executing a Perl script with an excessively long pathname, attackers can potentially execute arbitrary code on the affected system. This exploit underscores the importance of configuring Perl installations securely to mitigate such risks.

References

http://marc.info/?l=full-disclosure&m=110779721503111&w=2

mailing-listx_refsource_FULLDISC

http://www.digitalmunition.com/DMA%5B2005-0131b%5D.txt

x_refsource_MISC

http://www.securityfocus.com/bid/12426

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2005
Vulnerability Reserved
Jan 27, 2005

Larry Wall

What is CVE-2005-0156?

References

Timeline