Vigil@nce - Perl: bypassing Taint via File-Spec-canonpath
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass the Taint mechanism of Perl, when an
application uses the File::Spec::canonpath() function.
Impacted products: Debian, Fedora, Perl Core, Perl Module not
comprehensive, Ubuntu.
Severity: 2/4.
Creation date: 12/01/2016.
DESCRIPTION OF THE VULNERABILITY
The Perl product contains the PathTools suite, which provides the
File::Spec class.
The File::Spec::canonpath() function canonizes a file path.
However, this function always returns an untainted string, even if
the input was tainted (from an untrusted source).
An attacker can therefore bypass the Taint mechanism of Perl, when
an application uses the File::Spec::canonpath() function.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Perl-bypassing-Taint-via-File-Spec-canonpath-18682