local and remote compromise in eperl

ID SUSE-SA:2001:08
Type suse
Reporter Suse
Modified 2001-03-27T16:00:00


The ePerl program is an interpreter for the Embedded Perl 5 Language. Its main purpose is to serve as a web server scripting language for dynamic HTML page programming. Besides this, it can also serve as a standalone Unix filter. Fumitoshi Ukai and Denis Barbier have found several potential buffer overflows, which could lead to local privilege escalation if ePerl is installed setuid (note: it is not installed setuid by default) or to remote compromise.