Two format string flaws were found in the way perl-DBD-Pg, a Perl language PostgreSQL DBI implementation, performed: 1) turning of database notices into appropriate Perl language warning messages, 2) preparation of a particular DBD statement. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to a perl-DBD-Pg based process crash.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536

CPAN ticket:
[2] https://rt.cpan.org/Public/Bug/Display.html?id=75642

Patch proposed by Niko Tyni:
[3] https://rt.cpan.org/Ticket/Attachment/1047954/547725/0001-Explicitly-warn-and-croak-with-controlled-format-str.patch
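The bug class described in this report, shown as an added C example that is not DBD::Pg's code or the proposed patch: server-supplied text used as a format string, beside the form that passes it as data to a constant format. `warn_sink`, `notice_unsafe`, `notice_safe` and `count_directives` are hypothetical names, and the sample notice text is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style warning function: it formats
   into a buffer so the result can be inspected instead of printed. */
static char last_warning[256];

static void warn_sink(const char *pat, ...)
{
    va_list ap;
    va_start(ap, pat);
    vsnprintf(last_warning, sizeof last_warning, pat, ap);
    va_end(ap);
}

/* Flawed pattern: the server-supplied text is the format string, so any
   '%' directive in it is interpreted by the formatter. */
static const char *notice_unsafe(const char *server_msg)
{
    warn_sink(server_msg);
    return last_warning;
}

/* Fixed pattern: constant format, server text is passed only as data. */
static const char *notice_safe(const char *server_msg)
{
    warn_sink("%s", server_msg);
    return last_warning;
}

/* Audit helper: count '%' directives other than the literal "%%". */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* "%%" is a literal percent sign */
        else n++;
    }
    return n;
}

int main(void)
{
    const char *msg = "NOTICE: 100%% done";   /* constructed sample */
    printf("unsafe: %s\n", notice_unsafe(msg));
    printf("safe:   %s (%d directives)\n", notice_safe(msg), count_directives(msg));
}
```

The sample uses only `%%`, which consumes no arguments, so the difference between the two forms is visible without undefined behaviour: the first rewrites the server's text, the second reproduces it byte for byte.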
This issue affects the versions of the perl-DBD-Pg package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the perl-DBD-Pg package, as shipped with Fedora release of 15 and 16.

--

This issue affects the version of the perl-DBD-Pg package, as shipped with Red Hat Application Stack-v2.
CVE request: [4] http://www.openwall.com/lists/oss-security/2012/03/09/6
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/10/4
The warn() function is not protected by fortify source format string protections (read bug 836931), hence assuming that format string exploitation can cause ACE.
Created perl-DBD-Pg tracking bugs for this issue

Affects: fedora-all [bug 841133]
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5

Via RHSA-2012:1116 https://rhn.redhat.com/errata/RHSA-2012-1116.html