[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Re: Format String Vulnerabilities in Perl Programs
- To: "Michael J. Pomraning" <mjp@xxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Re: Format String Vulnerabilities in Perl Programs
- From: Stan Bubrouski <stan.bubrouski@xxxxxxxxx>
- Date: Sun, 4 Dec 2005 01:44:29 -0500
On 12/3/05, Michael J. Pomraning <mjp@xxxxxxxxxxxxxx> wrote:
<SNIP>
> For Perl projects, I'd also nominate syslog(), from the standard Sys::Syslog
> module, for special attention. It's common in *NIX environments regardless
> of programmers' backgrounds and is extremely likely to be called with
> untrusted data interpolated directly in the format string argument --
> syslog("info", "A user said $user_input"), for example.
>
This has been mentioned numerous times, including this week (?), nothing new.
-sb
> Regards,
> Mike
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/