Bugtraq mailing list archives
RE: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability
From: Hack Kampbjørn <hack.kampbjorn () vigilante com>
Date: Fri, 16 Nov 2001 16:09:37 +0100
-----Original Message-----
From: Jim [mailto:raxor () dexlink com]
Sent: 16. november 2001 02:55
To: bugtraq () securityfocus com
Subject: Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability

Mailer: SecurityFocus
In-Reply-To: <20011115113830.45A9.SECURITY () nsfocus com>

Has anyone been able to duplicate this bug? Am I wrong or does the ISAPI version of ActivePerl execute .plx files and not .pl as mentioned in the advisory?

You're right, ActivePerl by default registers perlIIS.dll with .plx and perl.exe with .pl. But the documentation suggests mapping .pl to the DLL instead of the EXE if the perl code is well behaved (closes opened files, releases allocated objects; if not, those would first be released when the perl process stops, and being a DLL that can be a long time). And many system administrators do this.

Hack 8-)