perl.perl5.porters | Postings from November 2005

The integer overflow bug

From: Andy Lester
Date: November 30, 2005 20:06
Subject: The integer overflow bug
Message ID: 3C6F804B-139B-487D-BE66-69A1DE065660@petdance.com

I'm holding off on rebutting the articles that have been published  
about Webmin.  Nat puts it succinctly: "You can't split hairs with  
the article. webmin's authors fucked up. Perl's authors fucked up. if  
Perl's authors hadn't fucked up, webmin users would only be DoSable.  
As it is, they may be (which means they have to assume they are)  
0wnable."

Since they ARE 0wnable, I don't see that there's any point in  
discussing it publicly until we have a fix.  If we didn't have this  
integer overflow, then we could rightly say "Hey, it's their own fault."

Do we have a timeframe on 5.8.8?  http://www.dyadsecurity.com/adv/perl.adv
gives a fix.

xoxo,
Andy (wearing his PR hat)


-- 
Andy Lester => andy@petdance.com => www.petdance.com => AIM:petdance


