ePerl Remote Buffer Overflow Vulnerability
BID:2464
Info
| Bugtraq ID: | 2464 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2001-0458 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 07 2001 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | Discovered by Fumitoshi Ukai and Denis Barbier |
| Vulnerable: | Ralf S. Engelschall ePerl 2.2.13, Ralf S. Engelschall ePerl 2.2.12 |
| Not Vulnerable: | |
Discussion
ePerl, a multipurpose Perl interpreter, contains several string operations that are performed insecurely.
If the data being copied is externally supplied, an attacker may be able to exploit these insecure function calls as stack-based buffer overflows.
If ePerl is installed setuid root, which is an optional configuration, an attacker may be able to execute arbitrary code with superuser privileges.
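As an added illustration of the defect class described above (constructed here, not ePerl's source), an unbounded copy of externally supplied data into a fixed-size stack buffer is shown beside a bounded copy that rejects input that does not fit. The buffer size and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed fixed-size stack buffer; the size is an assumption, not ePerl's. */
#define ARGBUF 64

/* The insecure pattern the advisory refers to, kept for contrast only:
 * strcpy() copies up to the NUL byte with no regard for sizeof(buf), so an
 * argument of ARGBUF bytes or more overruns the stack frame. In a setuid
 * root binary that overrun is what turns bad input into root privileges.
 * Only ever reached here after arg_fits() has accepted the argument. */
static size_t copy_arg_unchecked(const char *arg)
{
    char buf[ARGBUF];
    strcpy(buf, arg);               /* no length check */
    return strlen(buf);
}

/* Hardened form: measure first, refuse what does not fit, always terminate.
 * Returns 0 on success, -1 when arg (plus its NUL) would not fit in dst. */
int copy_arg_checked(char *dst, size_t dstlen, const char *arg)
{
    size_t n = strlen(arg);
    if (dstlen == 0 || n >= dstlen)
        return -1;
    memcpy(dst, arg, n + 1);        /* n + 1 copies the terminating NUL */
    return 0;
}

/* Mirrors the stack-buffer use: 1 if arg fits an ARGBUF buffer, else 0. */
int arg_fits(const char *arg)
{
    char buf[ARGBUF];
    return copy_arg_checked(buf, sizeof buf, arg) == 0;
}

int main(int argc, char **argv)
{
    const char *arg = argc > 1 ? argv[1] : "hello";
    if (!arg_fits(arg)) {
        fprintf(stderr, "argument too long (%zu bytes, limit %d)\n",
                strlen(arg), ARGBUF - 1);
        return 1;
    }
    printf("accepted %zu bytes\n", copy_arg_unchecked(arg));
    return 0;
}
```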
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Upgraded ePerl packages have been supplied for Debian GNU/Linux 2.2 and Linux-Mandrake 7.1, 7.2 and Corporate Server 1.0.1.
Ralf S. Engelschall ePerl 2.2.12 and 2.2.13 (the same updated packages apply to both):
- Debian 2.2 alpha: eperl_2.2.14-0.7potato2_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/eperl_2.2.14-0.7potato2_alpha.deb
- Debian 2.2 ARM: eperl_2.2.14-0.7potato2_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/eperl_2.2.14-0.7potato2_arm.deb
- Debian 2.2 i386: eperl_2.2.14-0.7potato2_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/eperl_2.2.14-0.7potato2_i386.deb
- Debian 2.2 ppc: eperl_2.2.14-0.7potato2_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/eperl_2.2.14-0.7potato2_powerpc.deb
- Debian 2.2 sparc: eperl_2.2.14-0.7potato2_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/eperl_2.2.14-0.7potato2_sparc.deb
- Mandrake 1.0.1 i586: eperl-2.2.14-7.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/1.0.1/RPMS/eperl-2.2.14-7.2mdk.i586.rpm
- Mandrake 7.1 i586: eperl-2.2.14-7.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/eperl-2.2.14-7.2mdk.i586.rpm
- Mandrake 7.2 i586: eperl-2.2.14-7.1mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/eperl-2.2.14-7.1mdk.i586.rpm
- S.u.S.E. 6.3 i386: eperl-2.2.14-202.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/6.3/d1/eperl-2.2.14-202.i386.rpm
- S.u.S.E. 6.4 i386: eperl-2.2.14-203.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/6.4/d1/eperl-2.2.14-203.i386.rpm
- S.u.S.E. 7.0 i386: eperl-2.2.14-203.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/d1/eperl-2.2.14-203.i386.rpm
- S.u.S.E. 7.1 i386: eperl-2.2.14-206.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/d2/eperl-2.2.14-206.i386.rpm
- S.u.S.E. 7.1 sparc: eperl-2.2.14-193.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.1/d2/eperl-2.2.14-193.sparc.rpm
References