Perl 5.x - 'lc' and 'uc' Functions TAINT Mode Protection Security Bypass Weakness

2011-03-30T00:00:00
ID EDB-ID:35554
Type exploitdb
Reporter mmartinec
Modified 2011-03-30T00:00:00

Description

Perl 5.x 'lc()' and 'uc()' Functions TAINT Mode Protection Security Bypass Weakness. CVE-2011-1487 . Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/47124/info

Perl is prone to a security-bypass weakness that occurs when laundering tainted input.

Attackers can leverage this issue to bypass security checks in perl applications that rely on TAINT mode protection functionality. This opens such applications up to potential attacks that take advantage of the software's failure to properly sanitize user-supplied input. 

The following example input is available:

> perl -Te 'use Scalar::Util qw(tainted); $t=$0; $u=lc($t); printf("%d,%d\n",tainted($t),tainted($u))'

> perl -Te 'use Scalar::Util qw(tainted); $t=$0; $u=lc($t); printf("%d,%d\n",tainted($t),tainted($u))'