ePerl Foreign Code Execution Vulnerability

ePerl is a multipurpose Perl filter and interpreter program for Unix systems.

The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be "safely" included using the 'sinclude' directive.

The problem occurs when a file referenced by a 'sinclude' directive contains a 'include' directive; the contents of the file referred to by the second directive will be loaded and executed.


Privacy Statement
Copyright 2010, SecurityFocus