ActivePerl Vulnerability
Created 12/18/02
CVE 2001-0815
Impact
A remote attacker could execute arbitrary commands on the
web server.
Background
ActivePerl
is an implementation of the PERL programming language.
The Windows version of ActivePerl contains an ISAPI extension
called PerlIS.dll which allows the IIS
web server to process HTTP requests for
PERL scripts. Whenever a PERL file is requested
by a client, PerlIS.dll is executed on the
server, regardless of whether or not the requested file
actually exists on the server.
The Problem
Due to a buffer overflow condition in PerlIS.dll,
a remote attacker could
execute arbitrary commands by submitting a request for a
PERL program with long, specially crafted file name.
The attacker would gain Local SYSTEM privileges
on a server running IIS 4.0, or IWAM_server_name privileges
on a server running IIS 5.0, where server_name is the
name of the server. ActivePerl 5.6.1.629 and earlier for
Microsoft Windows is affected by this vulnerability.
Resolution
Download
ActivePerl 5.6.1.630 or higher, or configure IIS to check that
the file name exists before running the ActivePerl ISAPI.
To configure IIS this way:
- Choose Internet Services Manager from the Administrative Tools menu
- Right-click on your web site
- Choose Properties
- Choose the Home Directory tab
- Click on the Configuration button
- Choose the entry which includes PerlIS.dll
- Click on the Edit button
- Select the Check that file exists check box
- Click on the Okay button until you are back to the Internet Services Manager
Where can I read more about this?
This vulnerability was reported in
NSFocus Security Advisory 2001-07.