Author: JT Smith
At LWN.net: “The ePerl program is a interpreter for the Embedded Perl 5 Language.
It’s main purpose is to serve as Webserver scripting language for dynamic
HTML page programming. Besides this it could also serve as a standalone
Unix filter.
Fumitoshi Ukai and Denis Barbier have found several potential buffer
overflows, which could lead to local privilege escalation if installed
setuid (note: it’s not installed setuid per default) or to remote
compromise.
It’s main purpose is to serve as Webserver scripting language for dynamic
HTML page programming. Besides this it could also serve as a standalone
Unix filter.
Fumitoshi Ukai and Denis Barbier have found several potential buffer
overflows, which could lead to local privilege escalation if installed
setuid (note: it’s not installed setuid per default) or to remote
compromise.
There is currently no efficient measure against the security problems
in the eperl perl interpreter other than not using or updating it.”
Category:
- Linux
