[4151] in bugtraq
Security Hole In Older Perl Installs...
daemon@ATHENA.MIT.EDU (Ken Robson)
Tue Mar 11 10:37:09 1997
Date: Tue, 11 Mar 1997 08:41:23 -0000
Reply-To: Ken Robson <krobson@USA.NET>
From: Ken Robson <krobson@USA.NET>
X-To: "ntsecurity@iss.net" <ntsecurity@iss.net>
To: BUGTRAQ@NETSPACE.ORG
Hi Folks,
Recently I have installed a couple of the distributions of Perl 5.001 from Hip onto NT boxes. Unfortunately Perl updates the system global variables and does the following to your path:-
PATH=.;c:\perl;%PATH%
As you can see this makes it extremely easy to create trojan horse type attacks as it usually ensures that your current directory is read before any system directories, etc.
Thanks,
Ken.
PS - This does not happen in the beta of 5.003 from ActiveWare.
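
A defensive check for the condition described in the message above, as an added example that is not part of the original post: it audits an already-expanded Windows PATH value for current-directory or relative entries and reports whether each one is searched before the first system directory. The function name, the C:\WINNT system root and the expanded sample PATH are assumptions made for illustration.

```python
import ntpath  # Windows path semantics, usable on any platform

# Constructed sample: the PATH from the post, with %PATH% expanded to
# assumed NT defaults (C:\WINNT is an assumption, not from the post).
SAMPLE_PATH = r".;c:\perl;C:\WINNT\system32;C:\WINNT"


def _clean(entry):
    """Strip whitespace and surrounding quotes from one PATH entry."""
    return entry.strip().strip('"')


def audit_path(path_value, system_root=r"C:\WINNT"):
    """Return (index, entry, reason, before_system) for each PATH entry that
    resolves relative to the current directory. before_system is True when
    the entry is searched ahead of the first directory under system_root.
    Expects an expanded value (no %VAR% references)."""
    entries = [_clean(e) for e in path_value.split(";")]
    root = ntpath.normcase(ntpath.normpath(system_root))

    # Locate the first entry that is the system root or lies beneath it.
    first_system = len(entries)
    for i, e in enumerate(entries):
        if e and ntpath.isabs(e):
            norm = ntpath.normcase(ntpath.normpath(e))
            if norm == root or norm.startswith(root + "\\"):
                first_system = i
                break

    findings = []
    for i, e in enumerate(entries):
        if not e or ntpath.isabs(e):
            continue  # empty entries and absolute paths are not flagged here
        reason = ("current directory" if ntpath.normpath(e) == "."
                  else "relative path")
        findings.append((i, e, reason, i < first_system))
    return findings


if __name__ == "__main__":
    for idx, entry, reason, early in audit_path(SAMPLE_PATH):
        note = "searched BEFORE system directories" if early else "searched after"
        print(f"entry {idx}: {entry!r} is a {reason}, {note}")
```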