During a security audit of one of our perl-based web applications we noticed that there is a potential security problem in the CGI.pm version included in RHEL3. Later issues of perl seem to have this fixed.

The problem lies in the way $script_name is obtained: The s/some_client_provided_data/some_other_client_provided_data/ call is a potential issue as the client can provide complicated regular expressions which eat lots-o-ram [tm]. This could lead to a denial-of-service issue. A patch for the RPM is attached.

Version-Release number of selected component (if applicable): 5.8.0-88.7
Created attachment 107134: better way of obtaining $script_name

This is the silent fix which seems to have been incorporated into recent perl releases.
This requires a valid regexp that will (to some extent) self match after decoding, therefore this isn't going to be a significant DoS on any reasonable system (there would be many better ways of doing a DoS). We're fixing it in an update due shortly however.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-105.html
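The pattern the report describes, client-supplied data used as the pattern of an s/// applied to other client-supplied data, is shown here as an added example beside two hardened forms. This is not the code from CGI.pm or from attachment 107134; the helper names and the sample inputs are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers (not CGI.pm's code): strip a client-supplied
# path suffix ($path_info) from a client-supplied URI ($uri).

# Risky form: $path_info is compiled and run as a regular expression.
sub strip_suffix_regex {
    my ($uri, $path_info) = @_;
    my $ok = eval { $uri =~ s/$path_info$//; 1 };
    return $ok ? $uri : undef;    # undef: the pattern failed to compile
}

# Hardened form: \Q...\E (quotemeta) makes every character literal.
sub strip_suffix_quoted {
    my ($uri, $path_info) = @_;
    $uri =~ s/\Q$path_info\E$//;
    return $uri;
}

# Hardened form that avoids the regex engine entirely.
sub strip_suffix_substr {
    my ($uri, $path_info) = @_;
    my $len = length($path_info);
    return $uri if $len == 0 || $len > length($uri);
    return substr($uri, -$len) eq $path_info
        ? substr($uri, 0, length($uri) - $len)
        : $uri;
}

# Constructed sample inputs: [REQUEST_URI-like value, PATH_INFO-like value]
my @cases = (
    ['/cgi-bin/app.pl/report',  '/report'],   # plain literal suffix
    ['/cgi-bin/app.pl/reportX', '/report.'],  # '.' acts as a wildcard
    ['/cgi-bin/app.pl/a(b',     '/a(b'],      # unbalanced '(' will not compile
);

for my $c (@cases) {
    my ($uri, $pi) = @$c;
    my $r = strip_suffix_regex($uri, $pi);
    printf "%-25s %-9s regex=%-18s quoted=%-25s substr=%s\n",
        $uri, $pi, defined $r ? $r : '(compile error)',
        strip_suffix_quoted($uri, $pi), strip_suffix_substr($uri, $pi);
}
```

The second and third rows show the unquoted form treating request data as pattern syntax, which is the precondition for the resource-consumption concern raised in the report; the quoted and substr forms only ever compare literal bytes.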