[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] new class of exploitable (remote code) perl format string

From: Jason Dixon <jason@xxxxxxxxxxxxxx>
Subject: Re: [WEB SECURITY] new class of exploitable (remote code) perl format string
Date: Wed, 30 Nov 2005 13:54:17 -0500

On Nov 30, 2005, at 12:10 PM, Randal L. Schwartz wrote:

"Jeremiah" == Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx> writes:


Jeremiah> Danger level rises for Perl flaws
Jeremiah> http://news.com.com/Danger+level+rises+for+Perl+flaws/
Jeremiah> 2100-1002_3-5975954.html?part=rss&tag=5975954&subj=news

I've seen the details, and I'm angry with the reporting.  The problem
is not *Perl*. The problem is *undereducated Perl Programmers*.

As if folks were just *now* realizing Webmin is an insecure hunk of crap.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

References:
- [WEB SECURITY] new class of exploitable (remote code) perl format string
  - From: Jeremiah Grossman
- Re: [WEB SECURITY] new class of exploitable (remote code) perl format string
  - From: Randal L. Schwartz

Prev by Date: [WEB SECURITY] sequence of cookies in a request
Next by Date: [WEB SECURITY] "RSS Is Worm Bot's Next Target"
Previous by thread: Re: [WEB SECURITY] new class of exploitable (remote code) perl format string
Next by thread: [WEB SECURITY] Anti frame-busting code in Internet Explorer
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site