ActivePerl Vulnerability

Created 12/18/02
CVE 2001-0815

Impact

A remote attacker could execute arbitrary commands on the web server.

Background

ActivePerl is an implementation of the PERL programming language. The Windows version of ActivePerl contains an ISAPI extension called PerlIS.dll which allows the IIS web server to process HTTP requests for PERL scripts. Whenever a PERL file is requested by a client, PerlIS.dll is executed on the server, regardless of whether or not the requested file actually exists on the server.

The Problem

Due to a buffer overflow condition in PerlIS.dll, a remote attacker could execute arbitrary commands by submitting a request for a PERL program with a long, specially crafted file name. The attacker would gain Local SYSTEM privileges on a server running IIS 4.0, or IWAM_server_name privileges on a server running IIS 5.0, where server_name is the name of the server. ActivePerl 5.6.1.629 and earlier versions for Microsoft Windows are affected by this vulnerability.

Resolution

Download ActivePerl 5.6.1.630 or higher, or configure IIS to check that the file name exists before running the ActivePerl ISAPI. To configure IIS this way:
  1. Choose Internet Services Manager from the Administrative Tools menu
  2. Right-click on your web site
  3. Choose Properties
  4. Choose the Home Directory tab
  5. Click on the Configuration button
  6. Choose the entry which includes PerlIS.dll
  7. Click on the Edit button
  8. Select the Check that file exists check box
  9. Click on the OK button until you are back to the Internet Services Manager
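
The following audit script is an added example, not part of the original advisory. It checks both conditions from the Resolution section: the ActivePerl build, and whether every PerlIS.dll script mapping has "Check that file exists" enabled. It assumes the mappings were exported from the IIS metabase ScriptMaps property in the form extension,path,flags,verbs, and that flag bit 4 is the file-exists check; the function names and sample entries are constructed for illustration.

```python
# Assumption: ScriptMaps entries look like "ext,path,flags,verb,verb,..."
# and flag bit 0x4 corresponds to the "Check that file exists" check box.
CHECK_FILE_EXISTS = 0x4
LAST_AFFECTED = (5, 6, 1, 629)   # from the advisory: 5.6.1.629 and earlier

def parse_scriptmap(entry):
    """Split one ScriptMaps string into (extension, path, flags, verbs)."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) < 3 or not parts[2].isdigit():
        raise ValueError("unrecognised ScriptMaps entry: %r" % entry)
    return parts[0].lower(), parts[1].strip('"'), int(parts[2]), parts[3:]

def unprotected_perlis_maps(entries):
    """Return extensions mapped to PerlIS.dll without the file-exists check."""
    findings = []
    for entry in entries:
        ext, path, flags, _verbs = parse_scriptmap(entry)
        dll = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if dll == "perlis.dll" and not flags & CHECK_FILE_EXISTS:
            findings.append(ext)
    return findings

def is_affected_version(version):
    """True if an ActivePerl version string is 5.6.1.629 or earlier."""
    parts = tuple(int(p) for p in version.split("."))
    if len(parts) != 4:
        raise ValueError("expected major.minor.patch.build: %r" % version)
    return parts <= LAST_AFFECTED

# Constructed sample export; not taken from a real server.
SAMPLE = [
    r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".plx,C:\Perl\bin\PerlIS.dll,1,GET,HEAD,POST",   # check box cleared
    r".pl,C:\Perl\bin\PerlIS.dll,5,GET,HEAD,POST",    # check box set
]

if __name__ == "__main__":
    for ext in unprotected_perlis_maps(SAMPLE):
        print("PerlIS.dll mapping for %s lacks 'Check that file exists'" % ext)
    for v in ("5.6.1.629", "5.6.1.630"):
        print(v, "affected" if is_affected_version(v) else "not affected")
```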

Where can I read more about this?

This vulnerability was reported in NSFocus Security Advisory 2001-07.