The need for email archiving
Without an effective system for archiving emails, organisations can find themselves unable to recover vital business records, leaving them open..
A type of security flaw in Perl applications that experts thought
could lead only to a denial-of-service attack is now believed to be much more serious.Dyad Security on Tuesday warned of a so-called "format string vulnerability" in Webmin, a Web-based administration utility written in Perl. An attacker could gain complete control over a server running the vulnerable software by exploiting this "new class" of flaw, the security research company said in an advisory.
"If remote code execution is successful, it would lead to a full remote root compromise in a standard configuration," according to the advisory.
Format string vulnerabilities are not new, but experts previously thought such flaws in applications written in Perl could not be used to remotely run code on a target system, experts from Symantec and eEye Digital Security said.
Such attacks have been possible via format string bugs if the application in question was coded in a lower-level programming language, such as C, according to Symantec.
"This is potentially the first in a new breed of format string vulnerabilities," said Oliver Friedrichs, the senior manager at Symantec Security Response. "Previously this was thought to be just a denial-of-service attack. Now that it is found to be exploitable, that increases the value substantially. Attackers are certainly going to start looking for them."
Perl, a popular scripting language, is widely used for Web applications, often on servers that run the Linux operating system. With the security of operating systems improving, attackers have been looking at Web applications and other software as a way to break into systems.
"Given the focus on Web applications in general, this format string vulnerability exploitability adds another tool to the chest of attackers," said Steve Manzuik, the security product manager at eEye in California. "Web servers are a good target because of a lot of Perl scripts would be available to anonymous, remote users."
Symantec and eEye have not been able to independently validate the claims by Dyad, which are backed up by security vendor Immunity. Symantec believes the claims to be true, while eEye's Manzuik isn't sure yet. "I normally take it with a grain of salt until I actually see some proof. If it turns out to be legitimate, it would be a very serious issue," he said.
To protect their systems, users of Webmin first and foremost should upgrade to the latest version of the utility, Friedrichs said. "In the longer term, you want to make sure that you are using format strings correctly in your applications," he said.
Format strings are the way programmers specify how output should be formatted in an application. A flaw occurs when a programmer uses the strings incorrectly. That could enable an attacker to read and write to memory on the system running the application, resulting in the execution of code of the attacker's choice.
It is too early to tell what the full impact of the broader scope of the format string vulnerabilities will be, Friedrichs said. "The concerning part of this is that this [Webmin flaw] is really the first in a potential growing number of format string vulnerabilities that we may see," he said.
One way that the problem may be addressed is by Perl developers, who may address the issue of format string vulnerabilities in Perl itself, Friedrichs said.
In order to post a comment you need to be registered and logged in
Log in or create your ZDNet UK account below
By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ
Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/bcjQtY
4 minutes ago on Twitter by nikeshoes998Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/9GWZRh
4 minutes ago on Twitter by mensapparel2010Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/bPLHL8
4 minutes ago on Twitter by womensapparel20Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/bVw3F2
4 minutes ago on Twitter by lisabarnes001Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/cDUyaj
49 minutes ago on Twitter by KC616free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/cWcW1e
49 minutes ago on Twitter by KC616Cyberwar defence plan is essential, says former CIA head: Michael Hayden, former head of the CIA and the National ... http://bit.ly/beLpKQ
1 hour ago on Twitter by SpyScrollSAP leads businesses into augmented reality http://bit.ly/9eMWYp | #Droid #Android
1 hour ago on Twitter by Droid_Newsfree shipping wholesale products: We mainly supply top mirror quality brand name products, such as wholesale handb... http://bit.ly/cWcW1e
2 hours ago on Twitter by wholesalegurruCyberwar defence plan is essential, says former CIA head: Michael Hayden, former head of the CIA and the N... http://bit.ly/9sn6ax #pdln4nx
2 hours ago on Twitter by CNSInstructorOracle signs Solaris deals with HP and Dell http://bit.ly/9KVeqD
2 hours ago on Twitter by AllAboutFashionSAP leads businesses into augmented reality http://bit.ly/9eMWYp | #Droid #Android
2 hours ago on Twitter by Droid_PhoneTalkTalk to sell mobile services via Vodafone deal http://bit.ly/bLVfxI | #Droid #Android
2 hours ago on Twitter by Droid_PhoneOracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/cDUyaj
2 hours ago on Twitter by wholesalegurrufree shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/cWcW1e
2 hours ago on Twitter by wholesalegurruDoJ joins whistleblower in Oracle fraud suit http://bit.ly/bMT3SJ
2 hours ago on Twitter by felixsprisciUpdate: free shipping wholesale products - ZDNet UK (... http://www.actahandbags.com/trends/free-shipping-wholesale-products-zdnet-uk-blog/
2 hours ago on Twitter by actatrudyfree shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/bRvFgG
2 hours ago on Twitter by lisabarnes001free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/9CXYG9
2 hours ago on Twitter by mensapparel2010Without an effective system for archiving emails, organisations can find themselves unable to recover vital business records, leaving them open..
This study was conducted in the United States amoung IT decision makers with involvement in data centre purchases at companies..
'Infrastructure as a Service' gives enterprises the flexibility to subscribe to the compute power and storage they require today with 'pay..
Talkback
Why is this a Perl vulnerability? Perl is written in C, so couldn't this also be called a C vulnerability?? Put the blame where it belongs, on Webmin, not on the language in which it was written.
This problem is with a function, "printf", which is not unique to Perl, but which is used in other languages such as C and Java. Any language using the printf function is vulnerable, since the problem has to do with how that function works.
The cause of this vulnerability is sloppy programming, in particular, failing to ensure that printf is passed only legitimate data. That is the fault of the programmer, not of Perl, C, or anyone else.
No language can protect against sloppy programming.
This article reminds me of those people who sue knife manufacturers because knives are sharp and they cut themselves.
The moral: If you don't know what you're doing, chances are you're going to get hurt.