
Re: Is perl still the No.1 language for sysadmin?



On Tue, Apr 4, 2023 at 1:37 PM Greg Wooledge <greg@wooledge.org> wrote:
>
> On Tue, Apr 04, 2023 at 06:29:50PM +0100, debian-user@howorth.org.uk wrote:
> > But cropping and ignoring the actual point of Stefan's mail rather
> > misses the point and insults him. For example, three CVEs chosen at
> > random from the 'vim' list:
> >
> > CVE-2010-3481         Multiple SQL injection vulnerabilities in
> > login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is
> > disabled, allow remote attackers to execute arbitrary SQL commands via
> > the (1) user_name and (2) password variables, possibly related to
> > include/classes/Login.php. NOTE: some of these details are obtained
> > from third party information. NOTE: the password vector might not be
> > vulnerable.
> >
> > CVE-2010-2704         Buffer overflow in HP OpenView
> > Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to
> > execute arbitrary code via a long HTTP request to nnmrptconfig.exe.
> >
> > CVE-2010-2703         Stack-based buffer overflow in the execvp_nc
> > function in the ov.dll module in HP OpenView Network Node Manager (OV
> > NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to
> > execute arbitrary code via a long HTTP request to webappmon.exe.
> >
> > FWIW, the word SQL appears 127 times in the 'vim' CVEs, and the word
> > 'vim' doesn't appear in most so I'm not sure how helpful these numbers
> > actually are.
>
> The word "via" appears in all three of your selections.  That makes me
> think that the web site is using some kind of a "close-enough match"
> heuristic, and is (unhelpfully) matching "via" as close enough to "vim".

Oh, that would not be good.

The Vim folks had a bad week this week:
https://ubuntu.com/security/notices/USN-5995-1 . There were 30 CVEs
fixed this week.

Jeff
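
Added illustration of the "close-enough match" hypothesis raised in the thread above; this is not code from any poster or from the CVE search site, whose real matching logic is unknown. It assumes a hypothetical matcher that accepts any token within one edit (Levenshtein distance 1) of the search term, and runs it against abridged versions of the three quoted CVE summaries to show how "vim" would pull in entries that only contain "via", while a whole-word match returns none of them.

```python
import re

# Summaries abridged from the three CVE entries quoted in the thread.
SAMPLES = {
    "CVE-2010-3481": "Multiple SQL injection vulnerabilities in login.php in "
                     "ApPHP PHP MicroCMS 1.0.1 allow remote attackers to execute "
                     "arbitrary SQL commands via the user_name and password variables",
    "CVE-2010-2704": "Buffer overflow in HP OpenView Network Node Manager allows "
                     "remote attackers to execute arbitrary code via a long HTTP "
                     "request to nnmrptconfig.exe",
    "CVE-2010-2703": "Stack-based buffer overflow in the execvp_nc function in the "
                     "ov.dll module allows remote attackers to execute arbitrary "
                     "code via a long HTTP request to webappmon.exe",
}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def tokens(text):
    """Lower-cased word tokens; punctuation and dots split tokens."""
    return re.findall(r"[a-z0-9_]+", text.lower())

def exact_hits(term, docs):
    """CVE ids whose summary contains the term as a whole word."""
    return sorted(cve for cve, text in docs.items() if term in tokens(text))

def fuzzy_hits(term, docs, max_dist=1):
    """Hypothetical fuzzy matcher: {cve: tokens within max_dist edits of term}."""
    hits = {}
    for cve, text in docs.items():
        near = sorted({t for t in tokens(text) if edit_distance(term, t) <= max_dist})
        if near:
            hits[cve] = near
    return hits

if __name__ == "__main__":
    print("exact:", exact_hits("vim", SAMPLES))
    for cve, near in fuzzy_hits("vim", SAMPLES).items():
        print("fuzzy:", cve, "matched on", near)
```

When counting CVEs per product for triage, filtering on the structured product field of the record rather than on free-text summary search avoids this class of false positive.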

