perl5.10 and CVE-2009-1391
olli hauer
ohauer at gmx.de
Wed Jul 8 05:53:39 UTC 2009
Hi,
I found an entry for CVE entry for perl5.10 while patching my OpenBSD
systems.
Description CVE-2009-1391:
Off-by-one error in the inflate function in Zlib.xs in
Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS,
SpamAssassin, and possibly other products, allows context
-dependent attackers to cause a denial of service (hang or crash) via a
crafted zlib compressed stream that triggers a heap-based buffer
overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
After a quick compare between the OpenBSD perl and the perl5.10 port it
seems the FreeBSD port is also affected.
See Notes:
http://openbsd.org/errata45.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1391
Quick compare between OpenBSD perl (patched) and FreeBSD port.
diff -Nru ext.FreeBSD/Compress/Raw/Zlib/Zlib.xs
ext.OpenBSD/Compress/Raw/Zlib/Zlib.xs
--- ext.FreeBSD/Compress/Raw/Zlib/Zlib.xs 2007-12-18
11:47:07.000000000 +0100
+++ ext.OpenBSD/Compress/Raw/Zlib/Zlib.xs 2009-07-07
12:02:51.000000000 +0200
@@ -1295,7 +1295,7 @@
if (s->stream.avail_out == 0 ) {
/* out of space in the output buffer so make it bigger */
- Sv_Grow(output, SvLEN(output) + bufinc) ;
+ Sv_Grow(output, SvLEN(output) + bufinc +1) ;
cur_length += increment ;
s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) +
cur_length ;
increment = bufinc ;
Regards,
olli
More information about the freebsd-perl
mailing list