CVE-2005-0155

Perl 5.8.0 - Arbitrary File Creation via PERLIO_DEBUG Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0155. PoCs published by Kevin Finisterre.

AI-analyzed exploit summary This exploit leverages the PERLIO_DEBUG environment variable vulnerability in sperl5.8.4 to overwrite /etc/ld.so.preload with a malicious shared library, leading to privilege escalation by hijacking the getuid() function.

Description

The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kevin Finisterre · clocallinux

https://www.exploit-db.com/exploits/792

View Code ZIP pw:eip

This exploit leverages the PERLIO_DEBUG environment variable vulnerability in sperl5.8.4 to overwrite /etc/ld.so.preload with a malicious shared library, leading to privilege escalation by hijacking the getuid() function.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: sperl5.8.4

No auth needed

Prerequisites: Presence of sperl5.8.4 on the target system · Write access to /etc/ld.so.preload

MITRE ATT&CK

T1548.001 - Setuid and Setgid T1574.006 - Dynamic Linker Hijacking

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16

Core References

Patch vendor-advisory x_refsource_trustix

http://www.trustix.org/errata/2005/0003/

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12426

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21646

Patch, Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-105.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14120

Patch, Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-103.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/19207

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110737149402683&w=2

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056

Mailing List vendor-advisory x_refsource_fedora

http://fedoranews.org/updates/FEDORA--.shtml

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10404

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2005:031

Mailing List mailing-list x_refsource_fulldisc

http://marc.info/?l=full-disclosure&m=110779723332339&w=2

Various Sources x_refsource_misc

http://www.digitalmunition.com/DMA%5B2005-0131a%5D.txt

Patch, Vendor Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm

Scores

EPSS 0.0120

EPSS Percentile 64.1%

Details

Status published

Products (1)

larry_wall/perl 5.8.0

Published May 02, 2005

Tracked Since Feb 18, 2026