Bug#629511: [oss-security] CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used
Josh Bressers
bressers at redhat.com
Mon Jun 13 19:28:11 UTC 2011
----- Original Message -----
> Hello, Josh, Steve, vendors,
>
> It was found that perl-Data-FormValidator, a HTML form user input
> validator, used to treat certain invalid fields as valid, when the
> untaint_all_constraints directive was used (default for majority of
> Data-FormValidator routines). A remote attacker could use this flaw to
> bypass perl Taint mode protection mechanism via specially-crafted
> input
> provided to the HTML form.
>
> Note: Hopefully Damyan, Mark can clarify here, if valid data from
> Data-FormValidator are automatically marked as untainted for
> perl Taint mode or not. If there still is perl Taint mode
> protection check present, even on valid Data-FormValidator
> data and it couldn't happen, that tainted data would be passed
> further to the script processing, then this is not a security
> issue.
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511
> [2] https://rt.cpan.org/Public/Bug/Display.html?id=61792
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=712694
>
Upstream seem to believe this is a security flaw.
Please use CVE-2011-2201.
Thanks.
--
JB
More information about the pkg-perl-maintainers
mailing list