NodeReaper has asked for the wisdom of the Perl Monks concerning the following question:

This node was taken out by the NodeReaper on Tue May 18 14:16:11 2004 (EST)

Replies are listed 'Best First'.
Re: Buffer Overflow in Perl?
by sgifford (Prior) on May 18, 2004 at 18:02 UTC
    This was reported on Bugtraq today. Regardless of whose fault it is, it's a bug in Perl that should be fixed. It looks like this bug is likely to be exploitable. Taking advantage of this wouldn't be straightforward, but may be possible if part of the string passed to system is under user control. This would seem to already be a security problem, but if the programmer carefully checked the contents of the user's input but not its length, this buffer overflow could make a previously secure script insecure.
[reply]
[d/l]

Back to Seekers of Perl Wisdom