ActiveState ActivePerl 126.96.36.1997 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
ActivePerl sitecustomize.pl Local Privilege Escalation
Local Access Required
Loss of Integrity
ActiveState ActivePerl contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the attacker creates a malicious 'sitecustomize.pl' file in the 'site/lib' directory. This flaw may lead to a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds:
1. Create an empty sitecustomize.pl in the 'site/lib' directory.
2. Always run ActivePerl with the '-f' command line option.
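A way to audit a host for the condition described above, as an added example that is not part of the original advisory or vendor code. The function name Test-PerlSiteLib and the default path C:\Perl\site\lib are assumptions; the check also covers Authenticated Users and Everyone, which goes beyond the "Users" group named in the entry.

```powershell
# Added example (not vendor code). Test-PerlSiteLib is a hypothetical helper name.
function Test-PerlSiteLib {
    param(
        # Assumed install location; pass the real site\lib path for the host.
        [string]$SiteLib = 'C:\Perl\site\lib'
    )
    if (-not (Test-Path -LiteralPath $SiteLib -PathType Container)) {
        throw "Directory not found: $SiteLib"
    }

    # Well-known SIDs: BUILTIN\Users, Authenticated Users, Everyone.
    $lowPriv = 'S-1-5-32-545', 'S-1-5-11', 'S-1-1-0'
    # WriteData/CreateFiles (0x2), AppendData (0x4), GENERIC_ALL, GENERIC_WRITE.
    $writeMask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Check the directory itself and, if present, the sitecustomize.pl inside it.
    $custom = Join-Path $SiteLib 'sitecustomize.pl'
    $file = Get-Item -LiteralPath $custom -ErrorAction SilentlyContinue
    $targets = @($SiteLib)
    if ($file) { $targets += $custom }

    $findings = @(foreach ($path in $targets) {
        $acl = Get-Acl -LiteralPath $path
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            # Inherit-only entries do not apply to the object they are set on.
            $applies = -not ($rule.PropagationFlags -band $inheritOnly)
            $writes = [int]$rule.FileSystemRights -band $writeMask
            if ($rule.AccessControlType -eq 'Allow' -and $applies -and $writes -and
                $lowPriv -contains $rule.IdentityReference.Value) {
                [pscustomobject]@{
                    Path   = $path
                    Sid    = $rule.IdentityReference.Value
                    Rights = $rule.FileSystemRights
                }
            }
        }
    })

    [pscustomobject]@{
        SiteLib             = $SiteLib
        SiteCustomizeExists = [bool]$file
        SiteCustomizeBytes  = if ($file) { $file.Length } else { $null }
        WritableByUsers     = $findings
    }
}

Test-PerlSiteLib | Format-List
```

Any entry in WritableByUsers means an unprivileged account can create or change files at that path, and a sitecustomize.pl with a non-zero size should be reviewed before Perl is next run without '-f'.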