Perl 'lc()' and 'uc()' Functions TAINT Mode Protection Security Bypass Weakness

Attackers can exploit this issue via readily available tools.

The following example input is available. It prints the taint status of a tainted value before and after it passes through lc():

> perl -Te 'use Scalar::Util qw(tainted); $t=$0; $u=lc($t); printf("%d,%d\n",tainted($t),tainted($u))'
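
A self-test built on the same check, added here as an example and not part of the original advisory: it reports whether this interpreter's lc() and uc() keep the taint flag and exits non-zero if either drops it. The helper name `keep_taint` and the sample string are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the advisory): taint-propagation self-test for lc()/uc().
use strict;
use warnings;
use Scalar::Util qw(tainted);

# ${^TAINT} is 1 only when taint mode is fully enabled (-T).
die "taint mode is off; run with perl -T\n" unless ${^TAINT} == 1;

# Constructed sample, tainted via $0 (the same taint source the page's one-liner uses).
# A zero-length substr() of a tainted value is itself tainted.
my $sample = 'MixedCase' . substr($0, 0, 0);
die "sample is not tainted; cannot test\n" unless tainted($sample);

# Hypothetical helper: apply the case function, then re-attach the taint flag
# if the built-in dropped it, so later taint checks still fire.
sub keep_taint {
    my ($fn, $in) = @_;
    my $out = $fn->($in);
    $out .= substr($in, 0, 0) if tainted($in) && !tainted($out);
    return $out;
}

my %builtin = (lc => sub { lc $_[0] }, uc => sub { uc $_[0] });
my $dropped = 0;

for my $name (sort keys %builtin) {
    my $raw     = $builtin{$name}->($sample);
    my $wrapped = keep_taint($builtin{$name}, $sample);
    my $status  = tainted($raw) ? 'taint kept' : 'TAINT DROPPED';
    $dropped++ unless tainted($raw);
    printf "%s(): %s; wrapped result tainted=%d\n",
        $name, $status, tainted($wrapped) ? 1 : 0;
}

# Non-zero exit lets a CI job or host audit flag an affected interpreter.
exit($dropped ? 1 : 0);
```

The wrapper is a stopgap for code that must run on an affected interpreter; it does not replace upgrading Perl.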

Copyright 2010, SecurityFocus