Perl on Mac OS X $< Compile Time Privilege Escalation Issue

2005-12-13T06:48:03
ID OSVDB:21800
Type osvdb
Reporter Jason Self
Modified 2005-12-13T06:48:03

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered in Perl when using the '$<' variable to set uid when dropping privileges, which may cause the operation to fail and the application to continue running with root privileges. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.
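A defensive pattern for the failure mode described above, as an added example that is not part of the advisory or of Apple's patch: never assume a privilege drop succeeded, read the ids back and abort if the process is still root or can become root again. The helper name drop_privileges and the default account 'nobody' are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();
use English qw(-no_match_vars);    # $UID = $<, $EUID = $>, $GID = $(, $EGID = $)

# Hypothetical helper: drop to $uid/$gid permanently, or die.
# It never returns while the process still holds root.
sub drop_privileges {
    my ($uid, $gid) = @_;
    die "refusing to 'drop' to uid 0\n" if $uid == 0;

    # Groups first; they cannot be changed once the uid is gone.
    $EGID = "$gid $gid";           # second number resets supplementary groups
    POSIX::setgid($gid) or die "setgid($gid) failed: $!\n";
    POSIX::setuid($uid) or die "setuid($uid) failed: $!\n";

    # Do not trust the calls above: read the ids back from the kernel.
    die "uid is still $UID/$EUID after drop\n"
        unless $UID == $uid && $EUID == $uid;
    die "gid is still $GID/$EGID after drop\n"
        unless (split ' ', $GID)[0] == $gid && (split ' ', $EGID)[0] == $gid;

    # A permanent drop must not be reversible.
    { local $!; $EUID = 0; }
    die "regained euid 0 after drop\n" if $EUID == 0;
    return 1;
}

if ($EUID != 0) {
    print "not running as root (euid $EUID); nothing to drop\n";
    exit 0;
}

my $account = shift // 'nobody';   # assumption: unprivileged target account
my (undef, undef, $uid, $gid) = getpwnam($account)
    or die "no such account: $account\n";

drop_privileges($uid, $gid);
print "now running as uid $UID, euid $EUID\n";
```

The read-back check holds regardless of how the drop was attempted, so it also catches a silent failure of a plain assignment to $<.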

References:

Vendor URL: http://www.perl.org/
Vendor Specific Advisory URL
Secunia Advisory ID:19064
Secunia Advisory ID:17922
News Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394
ISS X-Force ID: 23561
FrSIRT Advisory: ADV-2005-2869
CVE-2005-4217
Bugtraq ID: 15833