File::Find::Object is "an object-oriented and iterative replacement for File::Find. I.e: it is a module for traversing a directory tree, and finding all the files contained within it programmatically". A format string vulnerability in File-Find-Object allows local attackers to cause the program to execute arbitrary code by making the traversal hit a directory loop, at which point it prints the looping directory's name as part of the printf format rather than as an argument to a fixed format string.
Credit:
The information has been provided by Shlomi Fish.
Vulnerable Systems:
* File-Find-Object version 0.1.0

Immune Systems:
* File-Find-Object version 0.1.1

The offending code in F-F-O-0.1.0 was this:
{{{{{{{{
if ($rc) {
    printf(STDERR "Avoid loop " . $self->_father($ptr)->dir() . " -> %s\n",
        $self->_current_path($current));
    return 0;
}
}}}}}}}}
As one can see, $self->_father($ptr)->dir() is included directly in the printf format, which may cause a lot of unexpected behavior. There was a Perl sprintf vulnerability a while ago, in which the Perl interpreter mishandled some badly formatted sprintf values, and in general letting user input go directly into the printf format field is not a good idea.
The value of ->dir() is encountered in the directory tree that File-Find-Object traverses.
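
The difference between the concatenated format shown above and a constant format, as an added example (not code from File-Find-Object or from the advisory). The sample directory name and all function names are constructed for illustration, and the hardened form is one common way to write the call, not necessarily the change made in 0.1.1.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: a directory name that contains printf directives.
my $looping_dir  = 'cache/%s-%05d';
my $current_path = "$looping_dir/link";

# Pattern from the advisory: the directory name becomes part of the format.
# Warnings are captured so the caller can see how many Perl raised.
sub report_loop_unsafe {
    my ($dir, $path) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    my $msg = sprintf("Avoid loop " . $dir . " -> %s\n", $path);
    return ($msg, scalar @warnings);
}

# Hardened form: the format is a constant, names are passed only as arguments.
sub report_loop_safe {
    my ($dir, $path) = @_;
    return sprintf("Avoid loop %s -> %s\n", $dir, $path);
}

# Fallback when a name must be spliced into a format: neutralise every '%'.
sub escape_format {
    my ($text) = @_;
    $text =~ s/%/%%/g;
    return $text;
}

my ($unsafe, $warning_count) = report_loop_unsafe($looping_dir, $current_path);
my $safe    = report_loop_safe($looping_dir, $current_path);
my $escaped = sprintf("Avoid loop " . escape_format($looping_dir) . " -> %s\n",
    $current_path);

print "unsafe : $unsafe";
print "         ($warning_count sprintf warning(s) raised)\n";
print "safe   : $safe";
print "escaped: $escaped";

# The constant-format and escaped variants must reproduce the names verbatim;
# the concatenated variant does not, because the name was parsed as directives.
my $expected = "Avoid loop $looping_dir -> $current_path\n";
die "safe form altered the name\n"    unless $safe    eq $expected;
die "escaped form altered the name\n" unless $escaped eq $expected;
die "unsafe form unexpectedly intact\n" if $unsafe eq $expected;
```

In the unsafe call the directives inside the directory name consume the argument meant for the trailing `%s`, so the logged path is wrong and Perl emits "Missing argument" warnings, which is a useful signal when auditing logs or test output for this class of bug.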