FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

perl, webmin, usermin -- perl format string integer wrap vulnerability

Affected packages
5.6.0 <= perl < 5.6.2
5.8.0 <= perl < 5.8.7_1
webmin < 1.250
usermin < 1.180


VuXML ID bb33981a-7ac6-11da-bf72-00123f589060
Discovery 2005-09-23
Entry 2006-02-15

The Perl Development page reports:

Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on the machine. This was discovered in the context of a design problem with the Webmin administration package that allowed a malicious user to pass unchecked data into sprintf.


Bugtraq ID 15629
CVE Name CVE-2005-3912
CVE Name CVE-2005-3962