GLSA Advocate
Posted: Thu Aug 10, 2006 8:26 pm Post subject: [ GLSA 200608-18 ] Net::Server: Format string vulnerability
Gentoo Linux Security Advisory
Title: Net::Server: Format string vulnerability (GLSA 200608-18)
Severity: normal
Exploitable: remote
Date: August 10, 2006
Bug(s): #142386
ID: 200608-18
Synopsis
A format string vulnerability has been reported in Net::Server which can be exploited to cause a Denial of Service.
Background
Net::Server is an extensible, generic Perl server engine. It is used by several Perl applications like Postgrey.
Affected Packages
Package: dev-perl/net-server
Vulnerable: < 0.88
Unaffected: >= 0.88
Architectures: All supported architectures
Description
The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog.
Impact
By sending a specially crafted datastream to an application using Net::Server, an attacker could cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Net::Server users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-perl/net-server-0.88"
References
CVE-2005-1127
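The class of defect named under Description, shown as a generic unsafe and safe logging pattern in Perl. This is an added example, not code from Net::Server or from the advisory: the helper names format_unsafe and format_safe and the sample lines are constructed, and sprintf is assumed to stand in for the format expansion a syslog-style call applies to its format argument.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added illustration, not Net::Server code. sprintf stands in for the
# format expansion a syslog-style call applies to its format argument
# (assumption), so the script runs without a syslog daemon.

# Constructed sample lines, as an application might receive from a peer.
my @peer_lines = (
    'HELO mail.example.org',
    'user=%s id=%d',
);

# Unsafe pattern: peer-controlled text is used as the format string.
# Returns the formatted text followed by any warnings raised meanwhile.
sub format_unsafe {
    my ($untrusted) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, shift };
    my $text = eval { sprintf($untrusted) };
    push @warnings, "died: $@" if $@;
    return ($text, @warnings);
}

# Safe pattern: constant format, untrusted text passed only as data.
# With Sys::Syslog the same shape is syslog($priority, '%s', $untrusted).
sub format_safe {
    my ($untrusted) = @_;
    return sprintf('%s', $untrusted);
}

for my $line (@peer_lines) {
    my ($unsafe, @warnings) = format_unsafe($line);
    my $safe = format_safe($line);
    printf "input : %s\n", $line;
    printf "unsafe: %s (%d warning(s))\n", $unsafe // '<undef>', scalar @warnings;
    printf "safe  : %s\n", $safe;
    printf "intact: unsafe=%s safe=%s\n\n",
        (defined $unsafe && $unsafe eq $line) ? 'yes' : 'no',
        ($safe eq $line) ? 'yes' : 'no';
}
```

When auditing code that logs peer-supplied data, the thing to look for is any logging call whose format argument is a variable rather than a string literal.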