Perl suidperl on FreeBSD Local Privilege Escalation

1996-06-28T00:00:00
ID OSVDB:6520
Type osvdb
Reporter OSVDB
Modified 1996-06-28T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the setuid bit of the suidperl version of perl is enabled. This flaw may allow a malicious user to execute perl scripts with elevated privileges resulting in a loss of integrity.

Technical Description

This vulnerability in Larry Wall's Perl programming language versions 4 and 5 affects more vendors than FreeBSD. However, this vulnerability is specific to FreeBSD in that FreeBSD's implimentation of Perl by the design of a port Makefile creates a race condition. Its setuid versions are installed with the setuid bit enabled.

Solution Description

It is possible to correct the flaw by implementing the following workaround(s): disable the setuid bit on all copies of the setuid version of perl.

chmod 111 /usr/bin/suidperl

chmod 111 /usr/bin/sperl4.036

Also, FreeBSD has released a patch.

Short Description

FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the setuid bit of the suidperl version of perl is enabled. This flaw may allow a malicious user to execute perl scripts with elevated privileges resulting in a loss of integrity.

References:

Vendor URL: http://www.freebsd.org Vendor URL: http://www.wall.org/~larry/perl.html Vendor Specific Advisory URL