Ralf S. Engelschall ePerl 2.2.13
Ralf S. Engelschall ePerl 2.2.12
ePerl, a multipurpose Perl interpreter, contains several string operations which are performed insecurely.
If the data copied is externally supplied, it may be possible for an attacker to exploit these insecure function calls as stack-based buffer overflows.
If ePerl is installed setuid root, which is an optional configuration, an attacker may be able to execute arbitrary code with superuser privileges.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.
Upgraded ePerl packages have been supplied for Debian GNU/Linux 2.2 and Linux-Mandrake 7.1, 7.2 and Corporate Server 1.0.1.