Vigil@nce - Perl Locale-Maketext: code execution via brackets
January 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When an attacker can control the parameter of the maketext()
method of the Perl Locale::Maketext module, he can inject Perl
code, which is executed.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 08/01/2013
DESCRIPTION OF THE VULNERABILITY
The Perl Locale::Maketext module is used to translate text
messages to user’s language.
The maketext() method converts from a language to another. For
example, "bonjour" is replaced by "hello".
Brackets can be used to indicate variable parameters. For example:
print $h->maketext(’hello [_1]’, ’Bob’);
In order to do so, the Perl module dynamically generates a
function, using the provided string. However, special characters
(such as backtick ’`’, which is used to call Perl code) are not
filtered.
When an attacker can control the parameter of the maketext()
method of the Perl Locale::Maketext module, he can therefore
inject Perl code, which is executed.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-Locale-Maketext-code-execution-via-brackets-12289