PT-2006-3774 · Activestate · Activeperl

Published

2006-06-06

Updated

2017-07-20

CVE-2006-2856

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ActiveState ActivePerl version 5.8.8.817 for Windows

Description The issue allows local users to gain privileges by creating a malicious sitecustomize.pl file in the site/lib directory, due to the directory being configured with "Users" group permissions for changing files.

Recommendations For ActiveState ActivePerl version 5.8.8.817 for Windows, consider restricting write access to the site/lib directory to prevent local users from creating malicious files, such as sitecustomize.pl, until a proper fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2856

Affected Products

Activeperl

PT-2006-3774 · Activestate · Activeperl

CVE-2006-2856

Related Identifiers

Affected Products

References · 6