FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

eperl -- Remote code execution

Affected packages
eperl <= 2.2.14_4

Details

VuXML ID 73efb1b7-07ec-11e2-a391-000c29033c32
Discovery 2001-06-21
Entry 2012-09-26

David Madison reports:

ePerl is a multipurpose Perl filter and interpreter program for Unix systems. The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be "safely" included using the 'sinclude' directive.

The problem occurs when a file referenced by a 'sinclude' directive contains a 'include' directive; the contents of the file referred to by the second directive will be loaded and executed.

References

Bugtraq ID 2912
CVE Name CVE-2001-0733
URL http://osvdb.org/show/osvdb/1880
URL http://www.shmoo.com/mail/bugtraq/jun01/msg00286.shtml
URL http://xforce.iss.net/xforce/xfdb/6743