File::ExtAttr XS getfattr() Overflow

2006-01-01T14:33:22
ID OSVDB:22160
Type osvdb
Reporter OSVDB
Modified 2006-01-01T14:33:22

Description

Vulnerability Description

A local overflow exists in the File::ExtAttr Perl module. The getfattr function fails to correctly validate the length of special attributes of files, resulting in an off-by-one overflow. With a specially crafted file, an attacker can cause perl to crash, resulting in a loss of availability.

Solution Description

Upgrade to version 0.03 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://file-extattr.sourceforge.net/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=382199&group_id=153116
Secunia Advisory ID: 18253
FrSIRT Advisory: ADV-2006-0013
CVE-2006-0077
Bugtraq ID: 16118