Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

Patch to sprintf() Fixes Buffer Overflow

posted by davorg on 2005.12.15 4:20   Printer-friendly
Andy Lester writes "Perl 5 Porters have released a fix to the sprintf function that was recently discovered to have a buffer overflow in very specific cases. All Perl users should consider updating immediately. Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on the machine. This was discovered in the context of a design problem with the Webmin administration package that allowed a malicious user to pass unchecked data into sprintf. A related fix for Sys::Syslog has already been released."
"The Perl 5 Porters team have solved this sprintf overflow problem, and have released a set of patches, specific to four different versions of Perl. While this specific patch fixes a buffer overflow, and thus prevents malicious code execution, programmers must still be careful. Patched or not, sprintf can still be used as the basis of a denial-of-service attack. It will create huge, memory-eating blocks of data if passed malicious format strings from an attacker. It's best if no unchecked data from outside sources get passed to sprintf, either directly or through a function such as syslog.

For further information, or information about The Perl Foundation, please email pr at perlfoundation.org."
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • Those version numbers are incomplete: it looks from your list that some versions (such as 5.8.6) aren't covered, but actually some patches cover a range of versions.

    Specifically, sprintf-5.8.2.patch is for both 5.8.1 and 5.8.2, and sprintf-5.8.7.patch is for all of 5.8.4 to 5.8.7.

    Smylers