2249525 – (CVE-2023-47039) CVE-2023-47039 perl: Perl for Windows binary hijacking vulnerability

Bug 2249525 (CVE-2023-47039) - CVE-2023-47039 perl: Perl for Windows binary hijacking vulnerability

Summary: CVE-2023-47039 perl: Perl for Windows binary hijacking vulnerability

Keywords:
Status:	NEW
Alias:	CVE-2023-47039
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2249528
TreeView+	depends on / blocked

Reported:	2023-11-13 16:55 UTC by Mauro Matteo Cascella
Modified:	2024-01-02 05:18 UTC (History)
CC List:	1 user (show)
Fixed In Version:	perl 5.32.1
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Mauro Matteo Cascella 2023-11-13 16:55:33 UTC

Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory.

An attacker with limited privileges can exploit this behavior by placing `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

Note You need to log in before you can comment on or make changes to this bug.