[Phoenix-pm] The integer overflow bug

Scott Walters scott at illogics.org
Thu Dec 1 00:19:01 PST 2005


Hi folks,

If you're using variables for field lengths in printf/sprintf, make sure 
users have no particular influence on those variables (validate heavily
and set bounds).

-scott

----- Forwarded message from Andy Lester <andy at petdance.com> -----

To: perl5-porters at perl.org
From: Andy Lester <andy at petdance.com>
Subject: The integer overflow bug
Date: Wed, 30 Nov 2005 22:06:14 -0600

I'm holding off on rebutting the articles that have been published  
about Webmin.  Nat puts it succinctly: "You can't split hairs with  
the article. webmin's authors fucked up. Perl's authors fucked up. if  
Perl's authors hadn't fucked up, webmin users would only be DoSable.  
As it is, they may be (which means they have to assume they are)  
0wnable."

Since they ARE 0wnable, I don't see that there's any point in  
discussing it publicly until we have a fix.  If we didn't have this  
integer overflow, then we could rightly say "Hey, it's their own fault."

Do we have a timeframe on 5.8.8?  http://www.dyadsecurity.com/adv/perl.adv
gives a fix.

xoxo,
Andy (wearing his PR hat)


-- 
Andy Lester => andy at petdance.com => www.petdance.com => AIM:petdance



----- End forwarded message -----
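
The advice at the top of this message (validate and bound any variable used as a printf/sprintf field length), shown as an added Perl example that is not part of the original thread. The names checked_width, pad_field and MAX_WIDTH and the limit of 120 are assumptions made for illustration, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical policy limit for this example: widest column we will ever pad to.
use constant MAX_WIDTH => 120;

# Return a validated field width, or die. Accepts only plain decimal digits,
# so signs, whitespace, exponents, '%' and '$' are all rejected.
sub checked_width {
    my ($raw) = @_;
    die "width missing\n" unless defined $raw;
    # Limit digit count first so a huge numeric string never reaches arithmetic.
    die "width is not a small non-negative integer\n"
        unless $raw =~ /\A[0-9]{1,4}\z/;
    my $width = $raw + 0;
    die "width $width exceeds limit " . MAX_WIDTH . "\n" if $width > MAX_WIDTH;
    return $width;
}

# Pad $text to a caller-requested width. The format string is a constant:
# the width travels as an argument via '*', and user text only fills %s.
sub pad_field {
    my ($raw_width, $text) = @_;
    my $width = checked_width($raw_width);
    return sprintf('%-*s|', $width, $text);
}

# Constructed sample inputs: (requested width, text).
my @samples = (
    [ '10',         'alice' ],
    [ '2147483647', 'bob'   ],   # far beyond the limit
    [ '-5',         'carol' ],   # sign not allowed
    [ '8$s',        'dave'  ],   # format metacharacters in the width
    [ '12',         '%n%s'  ],   # hostile text is only data for %s
);

for my $s (@samples) {
    my ($w, $t) = @$s;
    my $out = eval { pad_field($w, $t) };
    if (defined $out) { print "ok:       [$out]\n" }
    else              { printf "rejected: width %s: %s", $w, $@ }
}
```

The point of the pattern is that user input never becomes part of the format string: the width is checked as a short digit string before any numeric conversion, and the text is passed only as an argument.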

