Larry Wall » Perl » 5.5 : Security Vulnerabilities, CVEs, Published In October 2000
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-10-20
Updated
2008-09-10
1 vulnerabilities found