ActivePerl v516 and earlier for Windows IIS leave the server vulnerable to denial of service attacks. Exploit description included.
Date: Mon, 31 May 1999 07:16:53 -0700
From: Michael Smith <support@ACTIVESTATE.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: ActiveState Security Advisory
Problem
--------
PerlScript and Perl-ISAPI, which come with ActivePerl 516 and earlier
versions, inadequately check the length of path information sent to open().
Due to limits on path and filename length in Windows, this can crash IIS
if sufficiently large strings are provided as paths or filenames.
Solution
---------
This is fixed in ActivePerl 517.
Work Around
------------
If you are unable to upgrade to ActivePerl 517 then all path information
should be checked for sane lengths before being passed to open(). The
maximum length of a path, including drive, directory and filename is 259
characters. The maximum length of the filename portion of a path is 255
characters. The maximum length of the directory portion of a path is 255
characters.
example:
    # Enforce the 255-character filename limit before calling open()
    $filename = substr $filename, 0, 255;
    open FOO, ">$filename" or die "Cannot open file: $!";
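The three limits from the workaround, applied as a check that rejects oversized paths instead of truncating them (an added example, not ActiveState's code). The helper name path_length_ok and the sample paths are constructed, and counting the separators as part of the directory portion is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec::Win32;   # core module; parses Windows-style paths on any platform

# Limits as stated in the advisory's workaround.
use constant MAX_PATH_LEN => 259;   # drive + directory + filename
use constant MAX_DIR_LEN  => 255;   # directory portion
use constant MAX_FILE_LEN => 255;   # filename portion

# path_length_ok (hypothetical helper): returns 1 when every portion of $path
# is within the limits, 0 otherwise. Rejecting rather than truncating means an
# oversized request is never silently redirected to a different file name.
sub path_length_ok {
    my ($path) = @_;
    return 0 unless defined $path && length $path;
    return 0 if length($path) > MAX_PATH_LEN;

    # splitpath returns (volume, directories, file); the directory part keeps
    # its leading and trailing separators (assumed to count toward the limit).
    my (undef, $dir, $file) = File::Spec::Win32->splitpath($path);
    return 0 if length($dir)  > MAX_DIR_LEN;
    return 0 if length($file) > MAX_FILE_LEN;
    return 1;
}

# Constructed sample inputs: one normal path and one per limit.
my @samples = (
    [ 'normal path',         'C:\\inetpub\\data\\report.txt' ],
    [ 'filename 256 chars',  'C:\\' . ('A' x 256) ],
    [ 'directory 256 chars', 'C:\\' . ('d' x 254) . '\\x' ],
    [ 'total 305 chars',     'C:\\' . ('d' x 100) . '\\' . ('e' x 100)
                                    . '\\' . ('f' x 100) ],
);

for my $sample (@samples) {
    my ($label, $path) = @$sample;
    printf "%-20s len=%-4d %s\n", $label, length($path),
        path_length_ok($path) ? 'accept' : 'reject';
}
```

Call the check on every user-supplied path before it reaches open(), and return an error to the client when it fails.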
General Comments
-----------------
Care should be taken when accepting input from users, especially in a web
context where users are untrusted and relatively anonymous. When designing
CGI scripts some thought should be given to checking user input for sane
values. Use of taint mode and warnings (-t and -w) is also highly
recommended.
The Activators.