Privilege Escalation via Suidperl's Improper Escape Sequence Handling

Privilege Escalation via Suidperl's Improper Escape Sequence Handling

CVE-2000-0703 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

Learn more about our User Device Pen Test.