[Omaha.pm] Perl security flaw?
Sidney B
sidney.omaha.pm at gmail.com
Wed Nov 30 15:20:44 PST 2005
On 11/30/05, Daniel Linder <dan at linder.org> wrote:
>
> http://www.networkworld.com/news/2005/113005-perl-flaw.html
>
> It's too vaigue to help any, but it sounds like the classic use of
> un-checked user input being executed directly by the interperter (Perl or
> otherwise).
>
> Anyone heard anything more?
>
http://news.zdnet.co.uk/internet/security/0,39020375,39239125,00.htm
says the vunerability is in a web based server admininstration application
called Webmin.
It's not Perl. It's that one (actually, I think there are two) application.
I understand it's a problem with a formatting string. I don't use web based
administration applications for my web servers, so I'm not going to get
overheated and damp about it. Anybody who uses Webmin might want to go see
if that application has been updated, or learn to write a few basic scripts
and how to add users at the command line. It's not like it's hard.
-Sidney
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pm.org/pipermail/omaha-pm/attachments/20051130/3df9c4d6/attachment.html
More information about the Omaha-pm
mailing list