Perl 5.x - Digest Module 'Digest->new()' Code Injection

EDB-ID:

36199


Author:

anonymous

Type:

remote


Platform:

Linux

Date:

2011-10-02


source: https://www.securityfocus.com/bid/49911/info

The Digest module for Perl is prone to a vulnerability that will let attackers inject and execute arbitrary Perl code.

Remote attackers can exploit this issue to run arbitrary code in the context of the affected application.

Digest versions prior to 1.17 are affected. 

Digest->new("::MD5lprint 'ownaide\n';exit(1);");