Lucene search
+L
Larry WallPerl

12 matches found

CVE
CVE
added 2005/02/07 5:0 a.m.150 views

CVE-2005-0155

The CVE-2005-0155 entry concerns the Perl PerlIO/ setuid wrapper (sperl) in Perl 5.8.0. The vulnerability arises when PERLIO_DEBUG is set, allowing a local user to cause the sperl process to create arbitrary files (or append debugging information), effectively giving root privileges through a loc...

4.6CVSS6AI score0.01199EPSS
CVE
CVE
added 2007/11/07 8:0 p.m.135 views

CVE-2007-5116

CVE-2007-5116 is a Perl vulnerability in the 5.8 release affecting the Regular Expression Engine (regcomp.c) where a buffer overflow can allow a remote attacker to execute arbitrary code by switching from byte to Unicode in a regex. Public-facing sources in the connected documents (including a VM...

7.5CVSS9.8AI score0.0483EPSS
CVE
CVE
added 2005/03/12 5:0 a.m.105 views

CVE-2005-0448

CVE-2005-0448 affects the Perl File::Path.rmtree code path in Perl before 5.8.4. The race condition in File::Path.pm (rmtree) may allow local users to create arbitrary setuid binaries in the directory tree being deleted. This entry is corroborated by multiple connected advisories and Nessus plugi...

1.2CVSS5.8AI score0.00387EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.96 views

CVE-2004-0452

CVE-2004-0452 : Race condition in File::Path::rmtree in Perl 5.6.1 and 5.8.4 sets world-write permissions, enabling local users to delete arbitrary files/directories and potentially read them via a symlink attack. This is tied to the Perl File::Path module and the rmtree operation. No explicit fi...

2.6CVSS5.9AI score0.00406EPSS
CVE
CVE
added 2005/02/07 5:0 a.m.96 views

CVE-2005-0156

The CVE-2005-0156 issue affects Perl 5.8.0 when built with setuid support (sperl). The vulnerability is a buffer overflow in the PerlIO implementation that can be triggered by setting PERLIO_DEBUG and running a Perl script whose full pathname has a long directory tree. This allows local users to ...

2.1CVSS7AI score0.01315EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.85 views

CVE-2003-0900

Connected Nessus/NASL entries show that CVE-2003-0900 is mentioned as a related random-seed-for-fork issue in the context of Ruby upgrades, specifically noting that Ruby before 1.8.6-p114 does not reset the random seed on fork, a related issue to CVE-2003-0900. Additional advisories (CVE-2011-300...

5CVSS6.1AI score0.0124EPSS
CVE
CVE
added 2004/10/20 4:0 a.m.82 views

CVE-2004-0976

CVE-2004-0976 affects the perl package, notably in Trustix Secure Linux 1.5–2.1 and similar OSes, due to a symlink attack that lets local users overwrite files via temporary files. Root cause is insecure temporary file handling in Perl modules; impact is local with partial integrity impact and no...

2.1CVSS5.8AI score0.00427EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.75 views

CVE-1999-0034

CVE-1999-0034 affects the suidperl (sperl) component in Perl 4.x and 5.x, with the root cause described as a buffer overflow in suidperl. Documented impact indicates complete confidentiality, integrity, and availability compromises (local attack vector, no authentication, no user interaction requ...

7.2CVSS7.7AI score0.01175EPSS
CVE
CVE
added 2004/04/06 4:0 a.m.65 views

CVE-2004-0377

CVE-2004-0377: A buffer overflow in the win32_stat wrapper used by ActivePerl (ActiveState) and Larry Wall’s Perl up to 5.8.3 allows local or remote code execution when a filename ends with a backslash. Exploitation depends on how the vulnerable Perl is used by an application; Windows environment...

10CVSS7.7AI score0.0686EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.51 views

CVE-2000-0703

CVE-2000-0703 affects suidperl (sperl). The vulnerability arises because suidperl does not properly cleanse the escape sequence "~!" before invoking /bin/mail to report errors. This enables local users to gain privileges by setting the interactive environmental variable and running suidperl with ...

7.2CVSS6.9AI score0.01112EPSS
CVE
CVE
added 2005/08/04 4:0 a.m.51 views

CVE-2004-2286

CVE-2004-2286 maps to an integer overflow in ActivePerl’s duplication operator, enabling remote DoS and potentially arbitrary code execution via a large multiplier. Affected: ActivePerl 5.x up to 5.8.3 and earlier. Root cause: overflow during duplication. Impact: Denial of service and possible co...

7.5CVSS8.1AI score0.07997EPSS
CVE
CVE
added 2005/12/16 11:0 a.m.50 views

CVE-2005-4278

CVE-2005-4278 is an Untrusted search path vulnerability affecting Perl prior to 5.8.7-r1 on Gentoo Linux. Local users in the portage group can gain privileges by placing a malicious shared object in the Portage temporary build directory, which is in RUNPATH. Connected advisories (GLSA 200510-14, ...

7.2CVSS6.3AI score0.00397EPSS