Perl SVN::Look module Command Injection Vulnerability
Release date:
Updated on:
Affected Systems:
Perl SVN::Look 0.39
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67945
Perl is a high-level, general-purpose, interpreted, dynamic programming language.
The Perl SVN::Look module, version 0.39 and other versions, does not properly filter some input before passing it to the svnlook command-line tool, which can lead to injection and execution of arbitrary commands.
<* Source: Stephen Chazelas
Link: http://secunia.com/advisories/58595/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Perl
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
SVN-Look:
https://github.com/gnustavo/SVN-Look/commit/b413ac1c397dfc6b2d164fede693f7ff9a94c83c
Stephen Chazelas:
https://github.com/gnustavo/SVN-Look/issues/2
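For code that wraps svnlook itself, the class of problem described above is avoided by validating each argument and never building a shell command string. The following is an added example, not SVN::Look's code or the vendor patch; the helper names, the subcommand allow-list, the validation patterns and the repository path are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper names; the allow-list and patterns are assumptions.
my %ALLOWED = map { $_ => 1 } qw(author changed dirs-changed log);

# Validate each piece and return an argument vector, never a command string.
sub svnlook_argv {
    my ($cmd, $repo, $selector, $value) = @_;
    die "subcommand not allowed\n" unless $ALLOWED{$cmd};
    die "repository path must be absolute\n" unless $repo =~ m{\A/};
    if ($selector eq '-r') {
        die "revision must be numeric\n" unless $value =~ /\A[0-9]+\z/;
    } elsif ($selector eq '-t') {
        die "unexpected transaction name\n"
            unless $value =~ /\A[0-9A-Za-z][0-9A-Za-z-]*\z/;
    } else {
        die "selector must be -r or -t\n";
    }
    return ('svnlook', $cmd, $repo, $selector, $value);
}

# Run svnlook and return its output lines.
sub svnlook {
    my @argv = svnlook_argv(@_);
    # List-form pipe open: Perl executes svnlook directly with these
    # arguments, so no shell ever parses them.
    open(my $fh, '-|', @argv) or die "cannot run svnlook: $!\n";
    my @out = <$fh>;
    close($fh) or die "svnlook exited with status " . ($? >> 8) . "\n";
    chomp @out;
    return @out;
}

# Constructed inputs: the second revision value carries shell metacharacters.
for my $rev ('42', '42; echo injected') {
    my @argv = eval { svnlook_argv('changed', '/srv/svn/repo', '-r', $rev) };
    if ($@) { print "rejected: $@" }
    else    { print "argv: ", join(' | ', @argv), "\n" }
}
```

The loop at the end only builds and prints argument vectors, so it runs without svnlook installed; svnlook() is the function a hook script would call.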