Re: Searching for sprintf() bug exploit opportunities in core and CPAN modules


more useful options
	PerlMonks

Re: Searching for sprintf() bug exploit opportunities in core and CPAN modules

by zshzn (Hermit)

on Dec 02, 2005 at 15:51 UTC ( [id://513618]=note: print w/replies, xml )

Need Help??

in reply to Searching for sprintf() bug exploit opportunities in core and CPAN modules

I'm very concerned about this. Red flags popped up in my mind when I saw the original syslog() vulnerability. Even with a quick patch to Perl_sv_vcatpvfn and more pertinent security checking, this could hound Perl and seriously damage Perl's security reputation. We need to take this as seriously as possible.

Comment on Re: Searching for sprintf() bug exploit opportunities in core and CPAN modules

Replies are listed 'Best First'.

Re^2: Searching for sprintf() bug exploit opportunities in core and CPAN modules
by Perl Mouse (Chaplain) on Dec 05, 2005 at 12:56 UTC

I'm very concerned about this.

Red flags popped up in my mind when I saw the original syslog() vulnerability. Even with a quick patch to Perl_sv_vcatpvfn and more pertinent security checking, this could hound Perl and seriously damage Perl's security reputation.

syslog

rm

user input

syslog

Care should be taken, yes. But it's not a disaster.

Perl --((8:>*

[reply]

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://513618]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others browsing the Monastery: (7)

As of 2024-04-25 11:24 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found