ActiveState ActivePerl Local Privilege Escalation Vulnerability
BID:18269
CVE-2006-2856 |Info
ActiveState ActivePerl Local Privilege Escalation Vulnerability
| Bugtraq ID: | 18269 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 05 2006 12:00AM |
| Updated: | Jun 05 2006 08:32PM |
| Credit: | Kreej discovered this issue. |
| Vulnerable: |
Activestate ActivePerl 5.8.8 .817 |
| Not Vulnerable: | |
Discussion
ActiveState ActivePerl Local Privilege Escalation Vulnerability
ActiveState ActivePerl is susceptible to a local privilege-escalation vulnerability. This issue is due to a the software's failure to ensure that sufficiently secure directory permissions are enforced.
This issue allows local attackers to execute Perl script code with the privileges of other users executing ActivePerl on affected computers.
Version 5.8.8.817 of ActivePerl for Windows is vulnerable to this issue; other versions may also be affected.
ActiveState ActivePerl is susceptible to a local privilege-escalation vulnerability. This issue is due to a the software's failure to ensure that sufficiently secure directory permissions are enforced.
This issue allows local attackers to execute Perl script code with the privileges of other users executing ActivePerl on affected computers.
Version 5.8.8.817 of ActivePerl for Windows is vulnerable to this issue; other versions may also be affected.
Exploit / POC
ActiveState ActivePerl Local Privilege Escalation Vulnerability
Attackers use standard system utilities to exploit this issue.
Attackers use standard system utilities to exploit this issue.
Solution / Fix
ActiveState ActivePerl Local Privilege Escalation Vulnerability
Solution:
Reportedly, version 5.8.8.818 of ActivePerl will include a fix for this issue. Symantec has not confirmed this.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Reportedly, version 5.8.8.818 of ActivePerl will include a fix for this issue. Symantec has not confirmed this.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
ActiveState ActivePerl Local Privilege Escalation Vulnerability
References:
References:
- ActivePerl Homepage (Activestate)