Perlbal ClientProxy.pm denial of service
| perlbal-clientproxy-dos (41538) |  Low Risk |
Description:
Perlbal is vulnerable to a denial of service, caused by an error in ClientProxy.pm when buffer_uploads is enabled. By sending a zero-byte chunked upload, a remote attacker could crash the application.
Platforms Affected:
- Perlbal, Perlbal prior to 1.70
Remedy:
Upgrade to the latest version of Perlbal (1.70 or later), available from the Perlbal Web page. See References.
Consequences:
Denial of Service
References:
- Perlbal Changelog, 1.70: 2008-03-08, 1.70: 2008-03-08 at http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES.
- Perlbal Web page, Module Version: 1.70 at http://search.cpan.org/dist/Perlbal/lib/Perlbal.pm.
- Red Hat Bugzilla Bug 439054, CVE-2008-1532 Perlbal crashes upon empty buffered upload attempts at https://bugzilla.redhat.com/show_bug.cgi?id=439054.
- BID-28491: Perlbal Buffered Upload Remote Denial Of Service Vulnerability
- CVE-2008-1532: Perlbal before 1.70, when buffered upload is enabled, allows remote attackers to cause a denial of service (crash) via a zero-byte chunked upload.
- SA29565: Perlbal Chunked Uploads Denial of Service and Directory Traversal
- VUPEN/ADV-2008-1045: Perlbal Denial of Service and Directory Traversal Vulnerabilities
Reported:
Mar 31, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net