<br><br><div><span class="gmail_quote">On 11/30/05, <b class="gmail_sendername">Daniel Linder</b> &lt;<a href="mailto:dan@linder.org">dan@linder.org</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<a href="http://www.networkworld.com/news/2005/113005-perl-flaw.html" target="_blank">http://www.networkworld.com/news/2005/113005-perl-flaw.html</a><br>
<br>
It's too vague to help any, but it sounds like the classic use of
unchecked user input being executed directly by the interpreter (Perl or
otherwise). <br>
<br>
Anyone heard anything more?<br>
</blockquote></div><br>
<br>
<a href="http://news.zdnet.co.uk/internet/security/0,39020375,39239125,00.htm">http://news.zdnet.co.uk/internet/security/0,39020375,39239125,00.htm</a> <br>
says the vulnerability is in a web-based server administration application called Webmin. <br>
<br>
It's not Perl. It's that one (actually, I think there are two)
application. I understand it's a problem with a formatting
string. I don't use web-based administration applications for my
web servers, so I'm not going to get overheated and damp about
it. Anybody who uses Webmin might want to go see if that
application has been updated, or learn to write a few basic scripts and
how to add users at the command line. It's not like it's hard. <br>
<br>
-Sidney<br>