All the Perl that's Practical to Extract and Report

  • by Abigail (26) on 2005.12.14 6:27 (#45139) Journal
    Let's see. Webmin uses Sys::Syslog, whose syslog function, unlike its C-library cousin, passes its arguments to sprintf, a Perl function that contains an integer overflow bug. sprintf also happily accepts tainted data.

    Yet you claim the fault lies entirely at the side of webmin.

    I disagree. Sure, webmin has a fault, but the results of the fault wouldn't be as damaging as they are now because of the overflow bug in sprintf.
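The point about `syslog` handing its arguments to `sprintf` can be seen from the defender's side in the following added example, which is not part of the original comment and is not Webmin's or Sys::Syslog's own code. The names `log_event` and `escape_format` and the sample username are hypothetical.

```perl
#!/usr/bin/perl
# Added example: keeping untrusted data out of the format string.
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Sys::Syslog qw(openlog syslog closelog);

# Hypothetical wrapper: the format is a literal chosen by the caller,
# and untrusted values travel only as arguments.
sub log_event {
    my ($priority, $format, @args) = @_;
    # Under taint mode (perl -T), refuse a format built from external input.
    die "tainted format string refused\n" if tainted($format);
    syslog($priority, $format, @args);
}

# For code that must splice data into a format: neutralize every '%'.
sub escape_format {
    my ($text) = @_;
    (my $escaped = $text) =~ s/%/%%/g;
    return $escaped;
}

# Constructed sample input that contains format directives.
my $username = 'guest %s %d';

# What sprintf does with each pattern (no syslog daemon needed here).
my $as_format = do { no warnings; sprintf("Login failed for $username") };
my $as_arg    = sprintf('Login failed for %s', $username);
my $escaped   = sprintf('Login failed for ' . escape_format($username));

print "data as format:   $as_format\n";   # directives were interpreted
print "data as argument: $as_arg\n";      # data logged verbatim
print "data escaped:     $escaped\n";     # data logged verbatim

# Actual logging, enabled by passing --log on the command line.
if (@ARGV && $ARGV[0] eq '--log') {
    openlog('demo', 'pid,nofatal', 'user');
    log_event('info', 'Login failed for %s', $username);
    closelog();
}
```

The `tainted` check only has an effect when the script runs with `perl -T`; without taint mode it always returns false.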