Do Perl CGI programs have buffer overflows or script contact form vulnerabilities?

My hosting company claims that you can fill in an HTML text input field with just the right amount of garbage bytes to cause a buffer overflow / resource issue when used with Apache / HTTP POST in a CGI-Bin Perl script (e.g. NMS FormMail).

It is said that a core dump occurs, at which point an arbitrary script (saved as part of the text of the input field) can be run on the server, which can jeopardize the site. They say it's not something they can protect against in their Apache / Perl configuration, and that it's up to the Perl script to prevent this by limiting the number of characters in the posted fields. But it looks like a core dump could happen before the script can limit the size of the fields.

This type of contact form and method is widely used by thousands of sites, so I wonder if what they say is true. Can you security experts enlighten me: is that true? I am also wondering if the same could happen with a PHP script. What do you recommend as a safe contact script / method for a site?

+3
4 answers

I'm not sure about the buffer overflows, but in any case, it doesn't hurt to limit the size of the POST. Just add the following at the top of the script:

use CGI qw/:standard/;
$CGI::POST_MAX=1024 * 100;  # max 100K posts
$CGI::DISABLE_UPLOADS = 1;  # no uploads 
+2

Ask them to provide you with a specific link to this vulnerability. I am sure that there are versions of Apache where it is possible to cause buffer overflows using specially crafted POST requests, but I do not know of any specific to NMS FormMail.

+1

. .

" " " " - . , perl mod_perl httpd . , , , . , , Bugtraq.

, , . POST, . , LimitRequestBody httpd.conf. . -.

, , script ( ), . , , Apache/Perl, - Perl script, , . , , script .

, httpd ( mod_perl), httpd ( mod_perl). Perl . , perl , , perl , .

, script , - . script, , , perl . , .

+1

FormMail was vulnerable in the past, so I believe your ISP has used this to illustrate. Bad practice in any Perl script can lead to such grief.

I recommend ensuring that the Perl script checks all user input, if possible. Otherwise, use only trusted scripts and make sure you update them.

0
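The two recommendations in the answers above (cap the POST size with CGI.pm, and check all user input) combined in one contact-form handler. This is an added example, not code from any of the answers or from NMS FormMail; the field names, length limits and response texts are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Set the limits before the CGI object is created: CGI.pm reads the
# request body inside new(), so later assignments have no effect.
$CGI::POST_MAX        = 1024 * 100;   # refuse bodies over 100 KB
$CGI::DISABLE_UPLOADS = 1;            # no multipart file uploads

# Hypothetical field names and per-field length limits (assumptions).
my %MAX_LEN = (name => 100, email => 254, subject => 200, message => 5000);

my $q = CGI->new;

# CGI.pm reports an oversized body through cgi_error() ("413 ...").
if (my $err = $q->cgi_error) {
    print $q->header(-status => $err, -type => 'text/plain'), "Request rejected\n";
    exit 0;
}

my (%field, @problems);
for my $f (sort keys %MAX_LEN) {
    my $v = $q->param($f);            # scalar context: first value only
    $v = '' unless defined $v;
    $v =~ s/^\s+|\s+$//g;             # trim surrounding whitespace
    push @problems, "$f is required" if $v eq '';
    push @problems, "$f is too long" if length($v) > $MAX_LEN{$f};
    # Single-line fields must not contain control characters (CR, LF, NUL, ...).
    push @problems, "$f has control characters"
        if $f ne 'message' && $v =~ /[\x00-\x1f\x7f]/;
    $field{$f} = $v;
}

# Deliberately strict address check for this example, not a full RFC 5322 parser.
push @problems, 'email is not valid'
    unless $field{email} =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;

if (@problems) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain'),
          map { "$_\n" } @problems;
    exit 0;
}

# Only validated values reach this point; hand %field to the mail code here.
print $q->header(-type => 'text/plain'), "Thank you, your message was accepted.\n";
```

These checks run only after the web server has accepted the request and started the script, so a server-side cap such as Apache's LimitRequestBody directive is a separate layer in front of them.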

Source: https://habr.com/ru/post/1707787/

