Posted: Thu Aug 10, 2006 8:26 pm Post subject: [ GLSA 200608-18 ] Net::Server: Format string vulnerability
Gentoo Linux Security Advisory
Title: Net::Server: Format string vulnerability (GLSA 200608-18)
Date: August 10, 2006
A format string vulnerability has been reported in Net::Server which can be exploited to cause a Denial of Service.
Net::Server is an extensible, generic Perl server engine. It is used by several Perl applications like Postgrey.
Vulnerable: < 0.88
Unaffected: >= 0.88
Architectures: All supported architectures
The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog.
By sending a specially crafted datastream to an application using Net::Server, an attacker could cause a Denial of Service.
There is no known workaround at this time.
All Net::Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/net-server-0.88"
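
The description above says the log function lets format string specifiers through to syslog. As an added illustration (not Net::Server's code and not part of the advisory), the Perl script below uses sprintf as a stand-in for a printf-style logging call and contrasts untrusted text used as the format with untrusted text passed as an argument; the function names and sample lines are constructed for the example.

```perl
#!/usr/bin/perl
# Added example, not Net::Server's code. sprintf stands in for a
# printf-style logging call (an assumption made so this runs offline).
use strict;
use warnings;

# Constructed sample: peer-supplied text that contains format specifiers.
my @peer_lines = ('client=10.0.0.5 helo=%s%s%d', 'rate 100% ok', 'plain line');

# Unsafe pattern: untrusted text is used as the format string itself, so
# its specifiers are interpreted and refer to arguments that do not exist.
sub format_unsafe {
    my ($msg) = @_;
    no warnings;    # Perl would warn about missing arguments / bad conversions
    return sprintf($msg);
}

# Safe pattern: constant format, untrusted text only ever an argument.
# With Sys::Syslog the same shape is: syslog($priority, '%s', $msg);
sub format_safe {
    my ($msg) = @_;
    return sprintf('%s', $msg);
}

# Fallback for an API that accepts only one format string: double every '%'.
sub escape_format {
    my ($msg) = @_;
    (my $escaped = $msg) =~ s/%/%%/g;
    return $escaped;
}

for my $line (@peer_lines) {
    my $unsafe  = format_unsafe($line);
    my $safe    = format_safe($line);
    my $escaped = sprintf(escape_format($line));

    # Both hardened forms must log exactly what the peer sent.
    die "hardened output differs from input\n"
        unless $safe eq $line && $escaped eq $line;

    printf "input  : %s\nunsafe : %s\nsafe   : %s\n\n", $line, $unsafe, $safe;
}
```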