[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Omaha.pm] Perl security flaw?

To: "Perl Mongers of Omaha, Nebraska USA" <omaha-pm@pm.org>
Subject: Re: [Omaha.pm] Perl security flaw?
From: Sidney B <sidney.omaha.pm@gmail.com>
Date: Wed, 30 Nov 2005 17:20:44 -0600
Delivered-to: mailman-omaha-pm@mailman.pm.dev
Delivered-to: omaha-pm@pm.org
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=MEG5DLRLnDab8+uJsEdlB+tsTdEBL1ObqLR+09WRq+J9kFzTdAt2o3oiztLO93eV0Q/RkKXOsWA5ePfySI9DbjWVLTBlOj+WZ6Co+ox0tbhIpqRrlxGqg0+dfa5iXwkKZurUx80+4+zljK34iArqSeQwNc1aUyRlCMdjAsygPi0=
In-reply-to: <3829.68.13.86.85.1133391563.squirrel@mail.linder.org>
List-archive: <http://mail.pm.org/pipermail/omaha-pm>
List-help: <mailto:omaha-pm-request@pm.org?subject=help>
List-id: "Perl Mongers of Omaha, Nebraska USA" <omaha-pm.pm.org>
List-post: <mailto:omaha-pm@pm.org>
List-subscribe: <http://mail.pm.org/mailman/listinfo/omaha-pm>, <mailto:omaha-pm-request@pm.org?subject=subscribe>
List-unsubscribe: <http://mail.pm.org/mailman/listinfo/omaha-pm>, <mailto:omaha-pm-request@pm.org?subject=unsubscribe>
References: <3829.68.13.86.85.1133391563.squirrel@mail.linder.org>
Reply-to: "Perl Mongers of Omaha, Nebraska USA" <omaha-pm@pm.org>

On 11/30/05, Daniel Linder <dan@linder.org> wrote:

http://www.networkworld.com/news/2005/113005-perl-flaw.html

It's too vaigue to help any, but it sounds like the classic use of un-checked user input being executed directly by the interperter (Perl or otherwise).

Anyone heard anything more?

http://news.zdnet.co.uk/internet/security/0,39020375,39239125,00.htm
says the vunerability is in a web based server admininstration application called Webmin.

It's not Perl. It's that one (actually, I think there are two) application. I understand it's a problem with a formatting string. I don't use web based administration applications for my web servers, so I'm not going to get overheated and damp about it. Anybody who uses Webmin might want to go see if that application has been updated, or learn to write a few basic scripts and how to add users at the command line. It's not like it's hard.

-Sidney

References:
- [Omaha.pm] Perl security flaw?
  - From: "Daniel Linder" <dan@linder.org>

Prev by Date: [Omaha.pm] Perl security flaw?
Next by Date: Re: [Omaha.pm] Perl security flaw?
Previous by thread: [Omaha.pm] Perl security flaw?
Next by thread: Re: [Omaha.pm] Perl security flaw?
Index(es):
- Date
- Thread