Vulnerabilities > CVE-2004-2022 - Buffer Overflow vulnerability in Multiple Perl Implementation System Function Call
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 |
Exploit-Db
| description | ActivePerl 5.x,Cygwin 1.5.x System Function Call Buffer Overflow Vulnerability. CVE-2004-2022. Dos exploit for windows platform |
| id | EDB-ID:24128 |
| last seen | 2016-02-02 |
| modified | 2004-05-18 |
| published | 2004-05-18 |
| reporter | Oliver Karow |
| source | https://www.exploit-db.com/download/24128/ |
| title | ActivePerl 5.x / Cygwin 1.5.x - System Function Call Buffer Overflow Vulnerability |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html
- http://marc.info/?l=bugtraq&m=108489894009025&w=2
- http://marc.info/?l=full-disclosure&m=108482796105922&w=2
- http://marc.info/?l=full-disclosure&m=108483058514596&w=2
- http://marc.info/?l=full-disclosure&m=108489112131099&w=2
- http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt
- http://www.perlmonks.org/index.pl?node_id=354145
- http://www.securityfocus.com/bid/10375
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16169