ActivePerl sitecustomize.pl Local Privilege Escalation

2006-06-05T04:49:13
ID OSVDB:25974
Type osvdb
Reporter Kreej()
Modified 2006-06-05T04:49:13

Description

Vulnerability Description

ActiveState ActivePerl contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the attacker creates a malicious 'sitecustomize.pl' file in the 'site/lib' directory. This flaw may lead to a loss of integrity.

Technical Description

This issue can only be exploited on Windows operating systems.

The issue is caused due to a combination of insecure use of the 'sitecustomize.pl' file and insecure default directory permissions granting Users group to create files in 'site/lib' directory. This issue allows local attackers to execute Perl script code with the privileges of other users executing ActivePerl.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds:

  1. Create an empty sitecustomize.pl in the 'site/lib' directory.
  2. Always run ActivePerl with the '-f' command line option.

Short Description

ActiveState ActivePerl contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the attacker creates a malicious 'sitecustomize.pl' file in the 'site/lib' directory. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://www.activestate.com/Products/ActivePerl/ Secunia Advisory ID:20328 FrSIRT Advisory: ADV-2006-2140 CVE-2006-2856 Bugtraq ID: 18269