Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 09 Mar 2012 12:10:27 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>,
        oss-security@...ts.openwall.com
CC: Niko Tyni <ntyni@...ian.org>, Dominic Hargreaves <dom@...th.li>
Subject: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl
 / perl-YAML-LibYAML: Multiple format string flaws

Hello Kurt, Steve, vendors,

Case #1:
========
Two format string flaws were found in the way perl-DBD-Pg, a Perl language
PostgreSQL DBI implementation, performed:
1) turning of database notices into appropriate Perl language warning messages,
2) preparation of particular DBD statement.

A rogue server could provide a specially-crafted database warning or
specially-crafted DBD statement, which once processed by the perl-DBD-Pg
interface would lead to perl-DBD-Pg based process crash.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536
[2] https://bugzilla.redhat.com/show_bug.cgi?id=801733

CPAN ticket:
[3] https://rt.cpan.org/Public/Bug/Display.html?id=75642

Patch proposed by Niko Tyni:
[4] 
https://rt.cpan.org/Ticket/Attachment/1047954/547725/0001-Explicitly-warn-and-croak-with-controlled-format-str.patch

Case #2:
========
Multiple format string flaws were found in the way perl-YAML-LibYAML, Perl YAML
serialization using XS and libyaml, performed:
1) error reporting by loading of general YAML stream,
2) error reporting by loading of YAML node,
3) error reporting by loading of YAML mapping into a Perl hash, and
4) error reporting by loading of YAML sequence into a Perl array.

A remote attacker could provide a specially-crafted YAML document, which once
processed by the perl-YAML-LibYAML interface would lead to perl-YAML-LibYAML
based process crash.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548
[2] https://bugzilla.redhat.com/show_bug.cgi?id=801738

CPAN tickets:
[3] https://rt.cpan.org/Public/Bug/Display.html?id=75365
[4] https://rt.cpan.org/Public/Bug/Display.html?id=46507

Proposed patch:
[5] https://rt.cpan.org/Ticket/Attachment/920541/477607/YAML-LibYAML-0.35-format-error.patch

Could you allocate two CVE ids for these? (one for libdbd-pg-perl / perl-DBD-Pg
and one for libyaml-libyaml-perl / perl-YAML-LibYAML)

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ