News
Vigil@nce: Perl Compress-Raw-Zlib, buffer overflow
June 2009 by Vigil@nce
An attacker can generate an off by one buffer overflow in Perl Compress::Raw::Zlib module.
Severity: 2/4
Consequences: user access/rights, denial of service of service
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 16/06/2009
IMPACTED PRODUCTS
Fedora
Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Perl Compress::Raw::Zlib module is used by Perl programs to compress and uncompress data.
The inflate() function of the Zlib.xs file uncompresses a data bloc and adds a ’\0’ terminator at the end. However, this function does not check if the buffer (of size 4KiB) is big enough to contain the terminator. An overflow of one byte thus occurs.
An attacker can therefore compress 4KiB of data and send it to an application using Compress::Raw::Zlib in order to generate a denial of service and eventually to execute code.
CHARACTERISTICS
Identifiers: 504386, CVE-2009-1391, FEDORA-2009-6033, VIGILANCE-VUL-8800
http://vigilance.fr/vulnerability/Perl-Compress-Raw-Zlib-buffer-overflow-8800
