Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2000-0703

Published: 20/10/2000 Updated: 10/09/2008
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Larry Wall

Vulnerability Summary

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

Vulnerable Product Search on Vulmon Subscribe to Product

larry wall perl 5.4.5

larry wall perl 5.5

larry wall perl 5.5.3

larry wall perl 5.6

Exploits

Exploit DB: SUIDPerl 5.00503 - Mail Shell Escape (1)
source: wwwsecurityfocuscom/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root privileges The suidperl program performs a number of checks to make sure it can't be fooled ...
Exploit DB: SUIDPerl 5.00503 - Mail Shell Escape (2)
source: wwwsecurityfocuscom/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root privileges The suidperl program performs a number of checks to make sure it can't be fool ...

References

NVD-CWE-Otherhttp://archives.neohapsis.com/archives/bugtraq/2000-08/0022.htmlhttp://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txthttp://www.securityfocus.com/bid/1547http://www.novell.com/linux/security/advisories/suse_security_announce_59.htmlhttp://www.redhat.com/support/errata/RHSA-2000-048.htmlhttp://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-08/0153.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-08/0086.htmlhttp://archives.neohapsis.com/archives/bugtraq/2000-08/0113.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/20141/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook