The following code belongs to the Apache httpd.conf file. The config given below is used to configure Perl CGI on Apache for a particular directory, but it is flawed and could create a series of security issues. I have seen this config in a lot of online tutorials, and people have been blindly following these settings. We have a daily security challenge going on our Facebook page, and I posted this issue there:

https://www.facebook.com/Garage4Hack...477936/?type=1

[Buggy Config]

Code:
PerlSetEnv scriptLoc /var/www/scripts/
Alias /var/www/scripts/ /var/code/scripts
<Location /var/www/scripts/>
  SetHandler perl-script
  PerlResponseHandler ModPerl::Registry
  Options +ExecCGI
  PerlSendHeader On
  allow from all
</Location>

When placed in an .htaccess file or a <Directory> or <Location> section, the SetHandler directive forces all matching files to be parsed through the handler given by handler-name. So in our case the handler will make any file kept in the scripts directory be parsed as Perl. In that case rahul.jpeg, sasi.txt or sasi.pl.tx will all be treated as Perl scripts. This bug could be combined with any file-write vulnerability to achieve code execution.


http://httpd.apache.org/docs/2.2/mod...tml#sethandler

The right configuration should use AddHandler, explicitly specifying which file extensions should be treated as Perl code. http://httpd.apache.org/docs/2.2/mod...tml#addhandler

AddHandler perl-script .pl

Regards,
Rahul Sasi
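
An added example, not part of the original post: a small Python audit that flags any SetHandler which applies a code-executing handler to every file in a section, run here on the post's buggy config and on the same block with the post's AddHandler fix. The handler list and the function name audit are assumptions of this example, and it reads a single file without following Include directives.

```python
import re

# Handlers that run the matched file as code (assumed starting list; extend as needed).
EXEC_HANDLERS = {"perl-script", "modperl", "cgi-script"}
# Containers that narrow a directive to particular file names.
FILE_SCOPES = {"files", "filesmatch"}

# The post's buggy config, and the same block with the post's AddHandler fix applied.
BUGGY = """PerlSetEnv scriptLoc /var/www/scripts/
Alias /var/www/scripts/ /var/code/scripts
<Location /var/www/scripts/>
  SetHandler perl-script
  PerlResponseHandler ModPerl::Registry
  Options +ExecCGI
  PerlSendHeader On
  allow from all
</Location>
"""
FIXED = BUGGY.replace("SetHandler perl-script", "AddHandler perl-script .pl")

def audit(conf_text):
    """Return (line_no, enclosing_section, handler) for each SetHandler that
    applies an executing handler to all files in its section."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closed = re.match(r"</(\w+)>", line)
        opened = re.match(r"<(\w+)\s*([^>]*)>", line)
        if closed:
            if stack:
                stack.pop()              # leave the innermost section
        elif opened:
            stack.append((opened.group(1).lower(), opened.group(2).strip()))
        else:
            m = re.match(r"SetHandler\s+(\S+)", line, re.I)
            if m and m.group(1).lower() in EXEC_HANDLERS:
                # Acceptable only when a <Files>/<FilesMatch> limits which names match.
                if not any(name in FILE_SCOPES for name, _ in stack):
                    where = " ".join(stack[-1]) if stack else "(server scope)"
                    findings.append((no, where, m.group(1)))
    return findings

if __name__ == "__main__":
    for name, conf in (("buggy", BUGGY), ("fixed", FIXED)):
        print(name, audit(conf))
```

When reviewing the fixed form, keep in mind that mod_mime considers every extension in a file name, so AddHandler perl-script .pl also applies to a name such as sasi.pl.txt. The Apache documentation's alternative is a SetHandler placed inside a FilesMatch section whose pattern anchors the final extension, which this audit treats as scoped.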