develooper Front page | perl.perl5.porters | Postings from March 2021

Disclosing a Security Vulnerability in perl v5.30.0

From: Amir Naseredini
Date: March 1, 2021 13:45
Subject: Disclosing a Security Vulnerability in perl v5.30.0
Message ID: CWLP265MB3602F4DF1A115ABA5B7FF065A49A9@CWLP265MB3602.GBRP265.PROD.OUTLOOK.COM

Hello,
I hope you are safe and well.

We want to responsibly disclose to you that in the process of evaluating your product against Spectre attacks during our recent work, our group was able to exploit a program interpreted with perl v5.30.0 and extract secret data from it.

Spectre exploits the mismatch between architectural and microarchitectural states by mistraining branch predictors, so victim code (called a gadget) executes a mispredicted branch and then rolls back the architectural state. In our attack written in C, the victim was written in Perl and compiled with perl v5.30.0.

We show in our work that it is possible to develop Spectre attacks that exploit the vulnerability in the program interpreted with perl v5.30.0. In addition, we were not able to find any active mitigations in your product.

Please feel free to contact us should you have any further questions or concerns. We would also be happy to share the paper with you confidentially.

Warm regards,
Amir Naseredini
PhD candidate at the University of Sussex and visiting researcher at TU Graz

P.S. I have actually contacted you regarding Spectre mitigations in November as well!

