November 24th, 2014

perl published advisory

Here is the actual advisory from Dyad on the Perl format string exploit issue I posted about yesterday. A patch has been proposed, but isn’t official yet. They also mention that there are several other exploitable programs that they know about today. Hopefully anyone using Webmin is smart enough to keep it firewalled off in the first place. Someone needs to audit SlashCode for this =) They don’t look very active.

Update: Here is a paper with more details, examples, and a few more vulnerable programs.
