Warning toned down on Perl app flaws
Source: CNET News - Posted by Pax Dickinson
The Perl Foundation has toned down a warning on a type of vulnerability commonly found in applications written in the Perl programming language. Two weeks after experts sounded an alarm on so-called "format string flaws" in Perl applications, changes have been made to Perl. These updates ensure that such flaws can't be used as a conduit to run malicious code on target systems, Andy Lester, a spokesman for the Perl Foundation and co-author of the book "Pro Perl Debugging," said on Thursday.
Perl is a popular open-source programming language that's widely used for Web applications, often on servers that run the Linux operating system. Format strings are a way programmers specify how output should be formatted in an application. A flaw occurs when a programmer uses the strings incorrectly.
It was always thought that format string vulnerabilities in Perl applications could lead only to denial-of-service attacks. However, late last month experts cautioned that an attacker could exploit a format string flaw to commandeer a system running a vulnerable Perl application.
That problem occurred because of a perfect storm of two separate security issues, Lester explained. One dealt with a Perl system logging module called "Sys::Syslog," the other with the often-used "printf" function that formats text, he said.
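To make the misuse described above concrete, the following added example (not code from the article or from the Perl project) is a heuristic Python check that flags Perl `printf`, `sprintf` and `syslog` calls whose format argument is not a constant string. The function names and the sample Perl lines are constructed for illustration, and the check assumes parenthesised calls written on a single line.

```python
import re

# Position of the format argument: first for printf/sprintf, second for syslog.
FORMAT_ARG_INDEX = {"printf": 0, "sprintf": 0, "syslog": 1}
CALL_RE = re.compile(r"\b(printf|sprintf|syslog)\s*\(")
# A constant format: single-quoted, or double-quoted with no interpolated $var/@var.
LITERAL_RE = re.compile(r"""^(?:'(?:[^'\\]|\\.)*'|"(?:[^"\\$@]|\\.)*")$""")

def split_args(text):
    """Split a Perl argument list at top-level commas, honouring quotes and parens."""
    args, cur, quote, depth, escaped = [], [], None, 0, False
    for ch in text:
        if quote:
            cur.append(ch)
            if escaped or ch == "\\":
                escaped = not escaped    # a backslash protects the next character
            elif ch == quote:
                quote = None
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        elif ch == ")" and depth == 0:
            break                        # closing paren of the call itself
        else:
            if ch in "'\"":
                quote = ch
            depth += {"(": 1, ")": -1}.get(ch, 0)
            cur.append(ch)
    args.append("".join(cur).strip())
    return args

def find_risky_calls(source):
    """Return (line, function, format_argument) for each non-constant format."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            args = split_args(line[m.end():])
            idx = FORMAT_ARG_INDEX[m.group(1)]
            if idx < len(args) and not LITERAL_RE.match(args[idx]):
                findings.append((lineno, m.group(1), args[idx]))
    return findings

# Constructed Perl lines: 1, 3 and 5 let data act as the format string.
SAMPLE = r'''printf($user_input);
printf("%s\n", $user_input);
syslog('err', $message);
syslog('err', '%s', $message);
my $s = sprintf("Hello $name");
my $t = sprintf("%s, %s", $a, lookup($b));'''
```

Each finding is corrected by passing a constant format and moving the data into an argument, as lines 2 and 4 of the sample do.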
Read this full article at CNET News