Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2000-0703

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

  • Published: Oct 20, 2000
  • Updated: Apr 13, 2023
  • CVE: CVE-2000-0703
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.2
  • AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Software From Fixed in
larry_wall / perl 5.6 5.6.x
larry_wall / perl 5.5 5.5.x
larry_wall / perl 5.5.3 5.5.3.x
larry_wall / perl 5.4.5 5.4.5.x