CVE-2000-0703

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:larry_wall:perl:5.4.5:*:*:*:*:*:*:*
cpe:2.3:a:larry_wall:perl:5.5:*:*:*:*:*:*:*
cpe:2.3:a:larry_wall:perl:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:larry_wall:perl:5.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2000-10-20 04:00

Updated : 2024-02-28 10:24


NVD link : CVE-2000-0703

Mitre link : CVE-2000-0703

CVE.ORG link : CVE-2000-0703


JSON object : View

Products Affected

larry_wall

  • perl