Bug 1300 - lc, uc and others functions allow to bypass the taint system
Summary: lc, uc and others functions allow to bypass the taint system
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:
Depends on:
Blocks: 908
  Show dependency treegraph
 
Reported: 2011-05-16 09:50 CEST by Michael Scherer
Modified: 2011-05-16 17:22 CEST (History)
1 user (show)

See Also:
Source RPM: perl
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Michael Scherer 2011-05-16 09:50:35 CEST 
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1487
Michael Scherer 2011-05-16 09:50:45 CEST

Blocks: (none) => 908

Jerome Quelin 2011-05-16 12:46:21 CEST

CC: (none) => jquelin

Comment 1 Jerome Quelin 2011-05-16 14:02:37 CEST 
fixed in svn, needs to be pushed.
Comment 2 Michael Scherer 2011-05-16 17:22:43 CEST 
Seems to have been pushed.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.