eperl -- Remote code execution

2001-06-21T00:00:00
ID 73EFB1B7-07EC-11E2-A391-000C29033C32
Type freebsd
Reporter FreeBSD
Modified 2001-06-21T00:00:00

Description

David Madison reports:

ePerl is a multipurpose Perl filter and interpreter program for Unix systems. The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be "safely" included using the 'sinclude' directive. The problem occurs when a file referenced by a 'sinclude' directive contains a 'include' directive; the contents of the file referred to by the second directive will be loaded and executed.