perl published advisory
aaron posted in exploits, interesting on December 1st, 2005
Here is the actual advisory from Dyad on the Perl format string exploit issue I posted about yesterday. A patch has been proposed, but isn’t official yet. They also mention that there are several other exploitable programs that they know about today. Hopefully anyone using Webmin is smart enough to keep it firewalled off in the first place. Someone needs to audit SlashCode for this =) since they don’t look very active.
Update: Here is a paper with more details, examples, and a few more vulnerable programs.