Ubuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-1)

Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the...

USN-222-2: Perl vulnerability

USN-222-1 fixed a vulnerability in the Perl interpreter. It was discovered that the version of USN-222-1 was not sufficient to handle all possible cases of malformed input that could lead to arbitrary code execution, so another update is necessary. Original advisory: Jack Louis of Dyad Security...

[Full-disclosure] Webmin miniserv.pl format string vulnerability

SUMMARY. The webmin miniserv.pl' web server component is vulnerable to a new class of exploitable remote code perl format string vulnerabilities. During the login process it is possible to trigger this vulnerability via a crafted username parameter containing format string data. In the observed...

perl, webmin, usermin -- perl format string integer wrap vulnerability

The Perl Development page reports: Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on the machine. This was...