CVE-2000-0703

NONE EPSS 62.0%
Published Oct 20, 2000 (25y ago) · Modified Jun 16, 2026 (2w ago)

Description

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

Threat Intelligence

EPSS Exploit Probability
62.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Affected Products 4

Vendor      Product  Version  Range
larry_wall  perl     5.4.5    any
larry_wall  perl     5.5      any
larry_wall  perl     5.5.3    any
larry_wall  perl     5.6      any

References 9

  • archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html
    Exploit, Vendor Advisory
  • archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html
  • archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html
  • archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html
  • calderasystems.com http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt
    Patch, Vendor Advisory
  • novell.com http://www.novell.com/linux/security/advisories/suse_security_announce_59.html
  • redhat.com http://www.redhat.com/support/errata/RHSA-2000-048.html
  • securityfocus.com http://www.securityfocus.com/bid/1547
    Exploit, Patch, Vendor Advisory
  • turbolinux.com http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html

Remediation

  • calderasystems.com http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt
    Patch, Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/1547
    Exploit, Patch, Vendor Advisory