Bug 801733 (CVE-2012-1151) - CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-1151
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 841129 841130 841131 841132 841133
Blocks: 801749
Reported: 2012-03-09 10:00 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:51 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-07-25 17:18:44 UTC
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2012:1116 | 0 | normal | SHIPPED_LIVE | Moderate: perl-DBD-Pg security update | 2012-07-25 20:57:52 UTC

Description Jan Lieskovsky 2012-03-09 10:00:32 UTC
Two format string flaws were found in the way perl-DBD-Pg, a Perl language PostgreSQL DBI implementation, performed:
1) turning of database notices into appropriate Perl language warning messages,
2) preparation of particular DBD statement.

A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which, once processed by the perl-DBD-Pg interface, would lead to a perl-DBD-Pg based process crash.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536

CPAN ticket:
[2] https://rt.cpan.org/Public/Bug/Display.html?id=75642

Patch proposed by Niko Tyni:
[3] https://rt.cpan.org/Ticket/Attachment/1047954/547725/0001-Explicitly-warn-and-croak-with-controlled-format-str.patch
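
Added example, not part of the original report and not code from DBD::Pg or the proposed patch: the bug class described above, with the flawed call shown beside the hardened one. warn_fmt() is a hypothetical stand-in for a printf-style warning function (Perl's C-level warn() and croak() take a format string in the same way), and the notice text is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style warning API: the first
 * argument is a format string. The result is captured for inspection. */
static char last_warning[256];

static void warn_fmt(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_warning, sizeof last_warning, fmt, ap);
    va_end(ap);
}

/* Flawed pattern (shown only, never compiled): the server's text is the
 * format itself, so every '%' directive in it gets interpreted.
 *
 *     warn_fmt(server_msg);
 */

/* Hardened pattern: constant format, server text is passed as data. */
static const char *notice_to_warning(const char *server_msg)
{
    warn_fmt("%s", server_msg);
    return last_warning;
}

/* Count conversion directives in untrusted text ("%%" is a literal
 * percent sign); useful for flagging suspicious notices in logs. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

int main(void)
{
    const char *notice = "NOTICE: table %x %s %n";  /* constructed sample */
    printf("directives: %d\n", count_directives(notice));
    printf("warning:    %s\n", notice_to_warning(notice));
    return 0;
}
```

Building C sources with -Wformat -Wformat-security makes GCC and Clang flag calls of the flawed shape when the function is declared with a printf format attribute.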

Comment 1 Jan Lieskovsky 2012-03-09 10:26:24 UTC
This issue affects the versions of the perl-DBD-Pg package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the perl-DBD-Pg package, as shipped with Fedora releases 15 and 16.

--

This issue affects the version of the perl-DBD-Pg package, as shipped with Red Hat Application Stack-v2.

Comment 2 Jan Lieskovsky 2012-03-09 11:11:50 UTC
CVE request:
[4] http://www.openwall.com/lists/oss-security/2012/03/09/6

Comment 3 Kurt Seifried 2012-03-10 06:11:24 UTC
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/10/4

Comment 4 Huzaifa S. Sidhpurwala 2012-07-02 08:51:46 UTC
warn() function is not protected by fortify source format string protections, 
(read bug 836931), hence assuming that format string exploitation can cause ACE

Comment 8 Huzaifa S. Sidhpurwala 2012-07-18 08:47:19 UTC
Created perl-DBD-Pg tracking bugs for this issue

Affects: fedora-all [bug 841133]

Comment 10 errata-xmlrpc 2012-07-25 16:58:34 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2012:1116 https://rhn.redhat.com/errata/RHSA-2012-1116.html
