Patches fix sprintf buffer overflow
Thu, 15-Dec-2005 by
The Perl community has released a fix to the sprintf function
that was recently discovered to have a buffer overflow in very specific
cases. All Perl users should consider updating immediately.
Dyad Security recently released
a security advisory
explaining how in certain cases, a carefully crafted format string
passed to sprintf can cause a buffer overflow. This buffer
overflow can then be used by an attacker to execute code on the machine.
This was discovered in the context of a design problem with the Webmin
administration package that allowed a malicious user to pass unchecked
data into sprintf. A related fix for Sys::Syslog
has already been released.
The Perl 5 Porters team have solved this sprintf overflow
problem, and have released a set of patches, specific to four different
versions of Perl.
While this specific patch fixes a buffer overflow, and thus prevents
malicious code execution, programmers must still be careful.
Patched or not, sprintf can still be used as the basis of a
denial-of-service attack. It will create huge, memory-eating blocks of
data if passed malicious format strings from an attacker. It's best if
no unchecked data from outside sources get passed to sprintf,
either directly or through a function such as syslog.
For further information, or information about The Perl Foundation, please email
pr at perlfoundation.org.
When can we expect a patch for windows 2003?
The patches are already available on the CPAN if you build from source. If you're using ActiveState's builds, that's something to direct to ActiveState.