|
Perl Explicit Format Parameter Index Integer Overflow Vulnerability
|
|
Secunia Advisory:
|
SA17802
|
|
|
Release Date:
|
2005-12-01
|
|
Last Update:
|
2005-12-22
|
|
Popularity:
|
13,128 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Perl 5.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2005-3962
|
|
Description:
Jack Louis has discovered a vulnerability in Perl, which can be exploited by malicious people to cause a Denial of Service and potentially to compromise a vulnerable Perl application.
The vulnerability is caused due to an integer overflow error in the "Perl_sv_vcatpvfn()" function of "sv.c" when handing a format string that contains an explicit format parameter index that exceeds INT_MAX. This can exploited to cause illegal memory access which causes an affected Perl application to crash.
Example:
perl -e 'printf("%2147483649\$n");'
The vulnerability has been confirmed in version 5.8.7 and also reported in versions 5.8.6 and 5.9.2. Other versions may also be affected.
Note: This vulnerability must be exploited in conjunction with a format string vulnerability in a Perl application. According to the vendor, exploitation of this vulnerability could lead to execution of arbitrary code.
Solution:
Apply patches.
Perl 5.8.0:
ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.0.patch
Perl 5.8.1 and 5.8.2:
ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.2.patch
Perl 5.8.3:
ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.3.patch
Perl 5.8.4 through 5.8.7:
ftp://ftp.cpan.org/pub/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.7.patch
Provided and/or discovered by:
Jack Louis, Dyad Security.
Changelog:
2005-12-02: Added CVE reference.
2005-12-07: Added links to US-CERT vulnerability notes.
2005-12-22: Vendor released patch information. Updated "Critical", "Solution Status", "Solution" and "Original Advisory" sections.
Original Advisory:
Perl.org:
http://www.perlfoundation.org/news/2005/sprintf_patch_released.html
Dyad Security:
http://www.dyadsecurity.com/perl-0002.html
Other References:
VU#948385:
http://www.kb.cert.org/vuls/id/948385
VU#946969:
http://www.kb.cert.org/vuls/id/946969
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
10th Oct, 2008
|
New advisories:
|
15 |
|
New vulnerabilities:
|
83 |
|
Updated advisories:
|
41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
