oss-sec mailing list archives

"New Class of Vulnerability in Perl Web Applications"


From: Solar Designer <solar () openwall com>
Date: Tue, 7 Oct 2014 15:13:51 +0400

Hi,

I feel this is worth bringing in here (and I wish someone wrote a proper
mailing list posting with this info, to have it properly archived):

New Class of Vulnerability in Perl Web Applications
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/

"While perl may have a particularly subtle manifestation, this is not Perl-specific."
http://www.reddit.com/r/netsec/comments/2ihen0/new_class_of_vulnerability_in_perl_web/

Bugzilla 4.0.14, 4.2.10, 4.4.5, and 4.5.5 Security Advisory
http://www.bugzilla.org/security/4.0.14/

Bug 1074812 - (CVE-2014-1572) [SECURITY] The 'realname' parameter is not correctly filtered on user account creation, leading to user data override
https://bugzilla.mozilla.org/show_bug.cgi?id=1074812

http://www.opennet.ru/opennews/art.shtml?num=40766 (Russian)

Alexander

