Description:
Kevin Finisterre has reported two vulnerabilities in Perl, which can be exploited by malicious, local users to gain escalated privileges.

1) An error in the handling of debug message output in setuid root perl scripts can be exploited to output debug messages to arbitrary files by manipulating the "PERLIO_DEBUG" environment variable.

2) A boundary error in the handling of the "PERLIO_DEBUG" environment variable can be exploited to cause a buffer overflow and execute arbitrary code with root privileges by calling a setuid root perl script with a specially crafted, overly long "PERLIO_DEBUG" environment variable.

Solution:
Only grant trusted users access to affected systems.

Provided and/or discovered by:
Kevin Finisterre

Original Advisory:
http://www.ubuntulinux.org/support/documentation/usn/usn-72-1
and http://secunia.com/advisories/14120/.
  • Comment on Perl "PERLIO_DEBUG" Privilege Escalation Vulnerabilities

Replies are listed 'Best First'.
Re: Perl "PERLIO_DEBUG" Privilege Escalation Vulnerabilities
by dragonchild (Archbishop) on Feb 04, 2005 at 19:08 UTC
    Solution:
    Only grant trusted users access to affected systems.

    There's another one - don't use setuid root perl scripts. They are the Unix equivalent of the Trusted Zone in Win32, with the same inherent structural issues.

    Being right, does not endow the right to be rude; politeness costs nothing.
    Being unknowing, is not the same as being stupid.
    Expressing a contrary opinion, whether to the individual or the group, is more often a sign of deeper thought than of cantankerous belligerence.
    Do not mistake your goals as the only goals; your opinion as the only opinion; your confidence as correctness. Saying you know better is not the same as explaining you know better.