perl format strings and webmin
aaron posted in exploits, interesting on November 30th, 2005
This could get nasty real fast. There is supposedly an advisory coming out for perl itself from dyadsecurity that could have far-reaching effects. While this was recently triggered from just a webmin advisory, if it turns out to be true, it could affect scads of other things written in perl. As alluded to in the Full-Disclosure list posts, this could be a “new” type of format-string exploit for perl. Beware.
Update: Looks like this has been confirmed by others