[23175] in bugtraq
RE: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overf
daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Hack_Kampbj=F8rn?=)
Mon Nov 19 11:41:04 2001
Message-ID: <A5F256C2C72FD411BCD600508B65FE6AEDC3B2@nm-exch-cph.internal.n-m.com>
From: =?iso-8859-1?Q?Hack_Kampbj=F8rn?= <hack.kampbjorn@vigilante.com>
To: "'Jim'" <raxor@dexlink.com>, bugtraq@securityfocus.com
Date: Fri, 16 Nov 2001 16:09:37 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
> -----Original Message-----
> From: Jim [mailto:raxor@dexlink.com]
> Sent: 16. november 2001 02:55
> To: bugtraq@securityfocus.com
> Subject: Re: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer
> Overflow Vulnerability
>
>
> Mailer: SecurityFocus
> In-Reply-To: <20011115113830.45A9.SECURITY@nsfocus.com>
>
> Has anyone been able to duplicate this bug ?
>
> Am I wrong or does the ISAPI version of ActivePerl
> execute .plx files and not .pl as mentioned in the
> advisory ?
>
You're right ActivePerl by default registers perlIIS.dll with .plx and
perl.exe with .pl. But the documentation suggests to map .pl to the DLL
instead of the EXE if the perl code is well behave (closes opened files,
releases allocated objects, if not those would first be release when the
perl process stops, being a DLL that can be a long time). And many system
administrators does this.
Hack 8-)
