RE: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overf low Vulnerability

[Hack Kampbjørn <hack.kampbjorn () vigilante com>]

> -----Original Message-----
> From: Jim [mailto:raxor () dexlink com]
> Sent: 16. november 2001 02:55
> To: bugtraq () securityfocus com
> Subject: Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer
> Overflow Vulnerability
>
>
> Mailer: SecurityFocus
> In-Reply-To: <20011115113830.45A9.SECURITY () nsfocus com>
>
> Has anyone been able to duplicate this bug ? 
>
> Am I wrong or does the ISAPI version of ActivePerl 
> execute .plx files and not .pl as mentioned in the 
> advisory ? 

You're right ActivePerl by default registers perlIIS.dll with .plx and
perl.exe with .pl. But the documentation suggests to map .pl to the DLL
instead of the EXE if the perl code is well behave (closes opened files,
releases allocated objects, if not those would first be release when the
perl process stops, being a DLL that can be a long time). And many system
administrators does this.

Hack 8-)