Vigil@nce - Perl Digest: code execution via new
October 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When the attacker can indicate the algorithm name in the Perl
Digest->new() method, he can execute code.
Severity: 2/4
Creation date: 04/10/2011
IMPACTED PRODUCTS
– Microsoft Windows - plateform
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Perl Digest module is a generic interface to cryptographic
hashing modules (MD5, SHA-1, etc.)
The initialization of a hashing suite uses the new() method:
$md5 = Digest->new("MD5");
The Perl Digest module does not itself implements the hashing
algorithms. It calls external classes. For example, the previous
call executes the (simplified) command:
eval "require MD5";
The algorithm name is thus inserted in an evaluated (executed)
command.
When the attacker can indicate the algorithm name in the Perl
Digest->new() method, he can therefore execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-Digest-code-execution-via-new-11031