The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
vulnerability CVE-2009-1391
Perl Compress-Raw-Zlib: buffer overflow
Synthesis of the vulnerability
An attacker can trigger an off-by-one buffer overflow in the Perl Compress::Raw::Zlib module.
Severity: 2/4.
Creation date: 16/06/2009.
Description of the vulnerability
The Perl Compress::Raw::Zlib module is used by Perl programs to compress and uncompress data.
The inflate() function of the Zlib.xs file uncompresses a data block and appends a '\0' terminator at the end. However, this function does not check whether the buffer (of size 4KiB) is big enough to hold the terminator. A one-byte overflow therefore occurs.
An attacker can therefore compress 4KiB of data and send it to an application using Compress::Raw::Zlib in order to generate a denial of service and possibly to execute code.
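An added illustration of the flaw described above, written for this edit and not taken from Zlib.xs: the unchecked terminator write beside a bounds-checked one. The struct, the function names and the canary byte are assumptions; the backing array is one byte larger than the 4KiB logical buffer so the stray write can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <string.h>

#define OUT_CAP 4096   /* logical output buffer size (4KiB, as in the bulletin) */
#define CANARY  0xA5   /* constructed marker for the byte just past the buffer */

/* Hypothetical output buffer. mem[] has one spare byte holding the canary,
 * so a write at index OUT_CAP is visible instead of corrupting memory. */
struct outbuf {
    unsigned char mem[OUT_CAP + 1];
    size_t cap;        /* logical capacity: OUT_CAP */
};

static void outbuf_init(struct outbuf *b) {
    memset(b->mem, 0, OUT_CAP);
    b->mem[OUT_CAP] = CANARY;
    b->cap = OUT_CAP;
}

/* Flawed pattern: terminate after `produced` bytes without checking room.
 * When produced == cap, the '\0' lands one byte past the logical buffer. */
static void terminate_unchecked(struct outbuf *b, size_t produced) {
    b->mem[produced] = '\0';
}

/* Hardened pattern: refuse when the terminator would not fit. */
static int terminate_checked(struct outbuf *b, size_t produced) {
    if (produced >= b->cap)
        return -1;     /* caller must grow the buffer before terminating */
    b->mem[produced] = '\0';
    return 0;
}

/* Simulate `n` bytes of uncompressed output, then terminate.
 * Returns 1 if the byte past the buffer was overwritten, 0 if it is intact,
 * -1 if the checked path rejected the write, -2 if n exceeds the buffer. */
int run_case(size_t n, int checked) {
    struct outbuf b;
    if (n > OUT_CAP)
        return -2;
    outbuf_init(&b);
    memset(b.mem, 'A', n);
    if (checked) {
        if (terminate_checked(&b, n) != 0)
            return -1;
    } else {
        terminate_unchecked(&b, n);
    }
    return b.mem[OUT_CAP] != CANARY;
}
```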
Characteristics
Title: Perl Compress-Raw-Zlib: buffer overflow.
Keywords: 4KiB Compress Compress-Raw-Zlib Perl Raw Zlib buffer overflow.
Identifiers: 504386, CERTA-2009-AVI-525, CVE-2009-1391, FEDORA-2009-6033, FEDORA-2009-7680, MDVSA-2009:157, MDVSA-2009:157-1, MDVSA-2009:174, SUSE-SR:2009:012, VIGILANCE-VUL-8800.