Kevin Finisterre has reported two vulnerabilities in Perl, which can be exploited by malicious, local users to gain escalated privileges.
1) An error in the handling of debug message output in setuid root perl scripts can be exploited to output debug messages to arbitrary files by manipulating the "PERLIO_DEBUG" environment variable.
2) A boundary error in the handling of the "PERLIO_DEBUG" environment variable can be exploited to cause a buffer overflow and execute arbitrary code with root privileges by calling a setuid root perl script with a specially crafted, overly long "PERLIO_DEBUG" environment variable.
Only grant trusted users access to affected systems.
Provided and/or discovered by: