It has been reported that a remote command execution bug exists in Perlbot. By constructing a malicious request, it may be possible for a remote attacker to execute arbitrary commands, with the privileges of Perlbot.

This issue was reported for Perlbot v1.0 beta.

Remote: Yes
Exploit: No

Solution: A workaround suggested by guejez is to replace the following line: open (MAIL,"| $sendmail $recipient") || die $!; With: open (MAIL,"| $sendmail -t") || die $!;


The vendor will reportedly fix this vulnerability in a newer release of Perlbot.