Vulnerability: Perlbot Email Sending Remote Command Execution

It has been reported that a remote command execution bug exists in Perlbot. By constructing a malicious request, it may be possible for a remote attacker to execute arbitrary commands, with the privileges of Perlbot.


This issue was reported for Perlbot v1.0 beta.

Remote: Yes
Exploit: No

Solution: A workaround suggested by guejez is to replace the following line: open (MAIL,"| $sendmail $recipient") || die $!; With: open (MAIL,"| $sendmail -t") || die $!;

Solution:

The vendor will reportedly fix this vulnerability in a newer release of Perlbot.

Source: http://www.xatrix.org/article2038.html