perl DoS updated since 03.07.2009
Published:		20.08.2009
Source:		BUGTRAQ
SecurityVulns ID:		10035
Type:		library
Level:		5/10
Description:		Crash on processing zlib stream via Compress::Raw::Zlib and bzip2 stream in Compress-Raw-Bzip2.

Affected:		PERL : perl 5.10
CVE:		CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.)
		CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.)

Original document		MANDRIVA, [ MDVSA-2009:207 ] perl-Compress-Raw-Bzip2 (20.08.2009)
		UBUNTU, [USN-794-1] Perl vulnerability (03.07.2009)

Discuss:

Read or add your comments to this news (0 comments)