Описание
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2004-2022
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16169
- http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html
- http://marc.info/?l=bugtraq&m=108489894009025&w=2
- http://marc.info/?l=full-disclosure&m=108482796105922&w=2
- http://marc.info/?l=full-disclosure&m=108483058514596&w=2
- http://marc.info/?l=full-disclosure&m=108489112131099&w=2
- http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt
- http://www.perlmonks.org/index.pl?node_id=354145
- http://www.securityfocus.com/bid/10375
EPSS
CVE ID
Связанные уязвимости
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
EPSS