
Bug#416611: libapache-mod-perl: Possible DoS problem with PerlRun (CVE-2007-1349)



* Kjetil Kjernsmo:

> If I have a PerlRun script, e.g., http://localhost/test/script, and
> call it using a URL with special symbols like '(' in path_info,
> PerlRun fails with server error. For example, calling
>      http://localhost/test/script/(
> produces this error:
>
> [Thu Mar 22 10:24:57 2007] [error] Unmatched ( in regex; marked by <--
> HERE in m//( <-- HERE $/ at
> /usr/local/lib/perl5/site_perl/5.8.8/mach/Apache/PerlRun.pm line 171.
>
>
> So, in most cases, it is an Internal Server Error, which, AFAIK, does not
> kill the process, and will only affect the requesting client.

On the other hand, computing and matching regular expressions can be
fairly expensive (exponential complexity and things like that).
Usually, such bugs are hard to exploit unless you control both regexp
and matched string. 

For instance, CGI.pm suffered from essentially the same bug, and it
was considered not exploitable.
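
An added example, not part of the original message or of mod_perl's code: a Perl sketch of the failure in the quoted log, where path_info is interpolated into a pattern unquoted, beside the same substitution with `\Q...\E`. The function names and sample requests are constructed, and the shape of the failing substitution is an assumption inferred from the `m//( <-- HERE $/` text in the error.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Before: path_info is interpolated into the pattern as regex syntax.
# Assumed shape of the failing substitution, inferred from the logged
# "m//( <-- HERE $/"; this is not the PerlRun.pm source.
sub strip_unquoted {
    my ($uri, $path_info) = @_;
    my $ok = eval { $uri =~ s/$path_info$//; 1 };
    return $uri if $ok;
    chomp(my $err = $@);
    return "DIED: $err";
}

# After: \Q...\E applies quotemeta, so each character matches literally.
sub strip_quoted {
    my ($uri, $path_info) = @_;
    $uri =~ s/\Q$path_info\E$//;
    return $uri;
}

# Constructed sample requests: [ full URI, path_info part ].
my @samples = (
    [ '/test/script/(',   '/('   ],  # the request from the report
    [ '/test/script/a|b', '/a|b' ],  # compiles, but "|" acts as alternation
    [ '/test/script/x',   '/x'   ],  # no metacharacters: both forms agree
);

for my $s (@samples) {
    my ($uri, $path_info) = @$s;
    printf "uri=%s path_info=%s\n", $uri, $path_info;
    printf "  unquoted: %s\n", strip_unquoted($uri, $path_info);
    printf "  quoted:   %s\n", strip_quoted($uri, $path_info);
}
```

The second sample shows that the unquoted form can also succeed while stripping the wrong text, which produces no log entry at all.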


