November 24th, 2014

perl format strings and webmin

This could get nasty real fast. There is supposedly an advisory coming out for perl itself from dyadsecurity that could have far-reaching effects. While this was recently triggered from just a webmin advisory, if it turns out to be true, it could affect scads of other things written in perl. As alluded to in the Full-Disclosure list posts, this could be a “new” type of format-string exploit for perl. Beware.

Update: Looks like this has been confirmed by others

Leave a Response

Imhotep theme designed by Chris Lin. Proudly powered by Wordpress.
XHTML | CSS | RSS | Comments RSS