Bugtraq mailing list archives
Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability
From: <securityfocus.com.drew () overt org>
Date: 23 Nov 2001 04:22:07 -0000
Mailer: SecurityFocus In-Reply-To: <20011116015506.17854.qmail () mail securityfocus com>
From: Jim <raxor () dexlink com> Has anyone been able to duplicate this bug ?
A *default* install of IIS5 (tested in w2k pro) with ActivePerl 5.6.1.629 is *not* vulnerable to this bug. In order to become vulnerable, you must disable the "Check that file exists" option for PerlIS.dll. (In order to do this, open up the IIS MMC, right click on a (virtual) directory in your web server, choose "Properties", click on the "Configuration..." button, highlight the ".plx" item, click "Edit", and then uncheck "Check that file exists".)
Am I wrong or does the ISAPI version of ActivePerl execute .plx files and not .pl as mentioned in the advisory ?
On my test machine (win2k pro), by default perl.exe handles .pl and perlIS.dll handles .plx -- ^Drew http://guh.nu --Begin PGP Fingerprint-- 3C6C F712 0A52 BD33 C518 5798 9014 CA99 2DA0 5E78 --End PGP Fingerprint--
Current thread:
- Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability Jim (Nov 15)
- <Possible follow-ups>
- Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability Indigo (Nov 21)
- Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability securityfocus.com.drew (Nov 23)
- Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability Indigo (Nov 27)