Perl出现漏洞
小杰、lshjhonker注意,perl出漏洞了,有兴趣拿去研究下。以上是国外站的英文资料:
Date Reported: 24 Apr 2008
Affected Packages: perl
Vulnerable: Yes
Security database references:
In the Debian bugtracking system:Bug 454792.
In Mitre's CVE dictionary: CVE-2008-1927.
More information:
It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
For the stable distribution (etch), this problem has been fixed in version 5.8.8-7etch3.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your perl packages.
中文资料:
Perl在处理畸形的正则表达式时存在漏洞,如果用户所提供的正则表达式字符包含在“\Q...\E”结构所保护的变量中的话,则Perl解释器在编译正则表达式时可能会出现缓冲区溢出,导致拒绝服务的情况。
评论Feed: http://www.neeao.com/blog/feed.asp?q=comment&id=5109
这篇日志没有评论.
