[NEWS] ActivePerl Leaks True Path

From: support@securiteam.com
Date: 01/05/02


From: support@securiteam.com
To: list@securiteam.com
Date: Sat,  5 Jan 2002 20:46:37 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  ActivePerl Leaks True Path
------------------------------------------------------------------------

SUMMARY

ActivePerl <http://www.activeperl.com/Products/ActivePerl/> is
ActiveState's quality-assured distribution of Perl, available for Linux,
Solaris, and Windows. ActivePerl contains the Perl language, the Perl
Package Manager (for installing CPAN packages), and complete online help.
A security vulnerability exists whenever ActivePerl is used as a web
server's Perl interpreter: it allows attackers to retrieve the true
filesystem path of the server's web content.

DETAILS

Whenever a request for a URL with a .pl extension that does not exist in
the CGI-BIN directory is sent to the web server, the Perl interpreter (in
our case ActivePerl) returns an error that includes the full true path of
the web server's CGI directory, and the web server passes that error text
on to the client.

Example:
CGI Error
The specified CGI application misbehaved by not returning a complete set
of HTTP headers. The headers it did return are:

Can't open perl script "C:\Inetpub\wwwroot\cgi-bin\link1s.pl": No such
file or directory

Workaround:
Define a custom error page for 502 errors to hide your path.

ADDITIONAL INFORMATION

The information has been provided by Antoan Miroslavov
<mailto:shaltera@yahoo.com> and Alan Fong <mailto:alan.fong@city.ottawa.on.ca>.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.