Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overf low Vulnerability
From: Hack Kampbjørn <hack.kampbjorn () vigilante com>
Date: Fri, 16 Nov 2001 16:09:37 +0100

-----Original Message-----
From: Jim [mailto:raxor () dexlink com]
Sent: 16. november 2001 02:55
To: bugtraq () securityfocus com
Subject: Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer
Overflow Vulnerability


Mailer: SecurityFocus
In-Reply-To: <20011115113830.45A9.SECURITY () nsfocus com>

Has anyone been able to duplicate this bug ? 

Am I wrong or does the ISAPI version of ActivePerl 
execute .plx files and not .pl as mentioned in the 
advisory ? 


You're right ActivePerl by default registers perlIIS.dll with .plx and
perl.exe with .pl. But the documentation suggests to map .pl to the DLL
instead of the EXE if the perl code is well behave (closes opened files,
releases allocated objects, if not those would first be release when the
perl process stops, being a DLL that can be a long time). And many system
administrators does this.

Hack 8-)


  By Date           By Thread  

Current thread:
  • RE: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overf low Vulnerability Hack Kampbjørn (Nov 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]