Red Hat Bugzilla – Bug 140227
Potential insecurity in CGI.pm
Last modified: 2007-11-30 17:07:05 EST
During a security audit of one of our perl-based web applications we
noticed that there is a potential security problem in the CGI.pm
version included in RHEL3. Later issues of perl seem to have this fixed.
The problem lies in the way $script_name is obtained:
The s/some_client_provided_data/some_other_client_provided_data/ call
is a potential issue as the client can provide complicated regular
expressions which eat lots-o-ram [tm].
This could lead to a denial-of-service issue.
A patch for the RPM is attached.
Created attachment 107134
better way of obtaining $script_name
This is the silent fix which seems to have been incorporated into recent perl
This requires a valid regexp that will (to some extent) self match
after decoding, therefore this isn't going to be a significant DoS on
any reasonable system (there would be many better ways of doing a
DoS). We're fixing it in an update due shortly however.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
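
The pattern discussed in this report, as an added example that is not part of the bug report, its attachment, or CGI.pm itself: a client-supplied suffix used as the pattern of an `s///` is compiled as a regular expression unless it is quoted. The function names and the sample request values are constructed for illustration.

```perl
use strict;
use warnings;

# Unsafe shape: the client-supplied suffix is compiled as a regex.
sub script_name_unsafe {
    my ($uri, $path_info) = @_;
    (my $name = $uri) =~ s/\?.*$//s;      # drop the query string
    $name =~ s/$path_info$//;             # pattern comes from the client
    return $name;
}

# Hardened: \Q...\E (quotemeta) makes every character of the suffix literal.
sub script_name_quoted {
    my ($uri, $path_info) = @_;
    (my $name = $uri) =~ s/\?.*$//s;
    $name =~ s/\Q$path_info\E$// if length $path_info;
    return $name;
}

# Hardened without the regex engine: compare and cut the suffix by length.
sub script_name_substr {
    my ($uri, $path_info) = @_;
    my $name = $uri;
    my $q = index($name, '?');
    $name = substr($name, 0, $q) if $q >= 0;
    my $len = length $path_info;
    if ($len && $len <= length($name) && substr($name, -$len) eq $path_info) {
        $name = substr($name, 0, length($name) - $len);
    }
    return $name;
}

# Constructed sample inputs: [REQUEST_URI, PATH_INFO]
my @samples = (
    ['/cgi-bin/app.pl/report/2004?x=1', '/report/2004'],  # ordinary request
    ['/cgi-bin/app.pl/x+y',             '/x+y'],          # "+" read as a quantifier
    ['/cgi-bin/app.pl/.*',              '/.*'],           # ".*" swallows the whole URI
    ['/cgi-bin/app.pl/a(b',             '/a(b'],          # does not compile as a regex
);

for my $s (@samples) {
    my ($uri, $path) = @$s;
    my $unsafe = eval { script_name_unsafe($uri, $path) };
    $unsafe = '<regex error>' unless defined $unsafe;
    printf "%-32s unsafe=%-20s quoted=%-16s substr=%s\n",
        $uri, "'$unsafe'", script_name_quoted($uri, $path),
        script_name_substr($uri, $path);
}
```

Both hardened versions return `/cgi-bin/app.pl` for every sample, while the unsafe version is only correct for the first one.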