Date: Sun, 12 Jun 2011 16:49:33 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security@...ts.openwall.com, Damyan Ivanov <dmn@...ian.org>, Mark Stosberg <mark@...mersault.com>, 629511@...s.debian.org, Iain Arnell <iarnell@...il.com>, Marcela Maslanova <mmaslano@...hat.com> Subject: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used Hello, Josh, Steve, vendors, It was found that perl-Data-FormValidator, a HTML form user input validator, used to treat certain invalid fields as valid, when the untaint_all_constraints directive was used (default for majority of Data-FormValidator routines). A remote attacker could use this flaw to bypass perl Taint mode protection mechanism via specially-crafted input provided to the HTML form. Note: Hopefully Damyan, Mark can clarify here, if valid data from Data-FormValidator are automatically marked as untainted for perl Taint mode or not. If there still is perl Taint mode protection check present, even on valid Data-FormValidator data and it couldn't happen, that tainted data would be passed further to the script processing, then this is not a security issue. References:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511  https://rt.cpan.org/Public/Bug/Display.html?id=61792  https://bugzilla.redhat.com/show_bug.cgi?id=712694 Could you allocate a CVE id for this? Thank you & Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ