Date: Wed, 8 Jul 2009 07:26:50 +0200 From: olli hauer <ohauer@gmx.de> To: freebsd-perl@freebsd.org Subject: perl5.10 and CVE-2009-1391 Message-ID: <20090708052650.GA30758@sorry.mine.nu>
next in thread | raw e-mail | index | archive | help
Hi, I found an entry for CVE entry for perl5.10 while patching my OpenBSD systems. Description CVE-2009-1391: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context -dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. After a quick compare between the OpenBSD perl and the perl5.10 port it seems the FreeBSD port is also affected. See Notes: http://openbsd.org/errata45.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1391 Quick compare between OpenBSD perl (patched) and FreeBSD port. diff -Nru ext.FreeBSD/Compress/Raw/Zlib/Zlib.xs ext.OpenBSD/Compress/Raw/Zlib/Zlib.xs --- ext.FreeBSD/Compress/Raw/Zlib/Zlib.xs 2007-12-18 11:47:07.000000000 +0100 +++ ext.OpenBSD/Compress/Raw/Zlib/Zlib.xs 2009-07-07 12:02:51.000000000 +0200 @@ -1295,7 +1295,7 @@ if (s->stream.avail_out == 0 ) { /* out of space in the output buffer so make it bigger */ - Sv_Grow(output, SvLEN(output) + bufinc) ; + Sv_Grow(output, SvLEN(output) + bufinc +1) ; cur_length += increment ; s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length ; increment = bufinc ; Regards, olli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090708052650.GA30758>