The Perl scripting language is susceptible to a new type
of security vulnerability that lets remote attackers
execute their own code.
Perl is a scripting language widely used for web applications,
and is often used on servers that run the Linux operating
system.
Security researcher Dyad Security has warned of a "format string
vulnerability" in Webmin, an administration utility written in
Perl.
Using this vulnerability, an attacker can potentially gain
complete control over a server running the vulnerable software.
Format strings are used by programmers to specify how output
should be formatted in an application. A flaw can occur when a
programmer uses the strings incorrectly.
Such a mistake can lead to an attacker being able to read and
write to memory on the system running the application, allowing
them to execute the code of their choice.
Users of Webmin are being urged to upgrade to the latest version
of the utility, and to be more cautious about the format strings
used.
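
The mistake described above, shown in Perl beside its fix. This is an added example, not Webmin's code; the function names and the sample username are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Unsafe pattern: untrusted text becomes part of the format string itself,
# so any % directive inside it is interpreted by sprintf instead of printed.
sub log_line_unsafe {
    my ($user) = @_;
    no warnings;    # hide the "Missing argument" warning so the effect shows
    return sprintf("login failed for $user");
}

# Safe pattern: the format string is a constant and the untrusted text is
# only ever passed as an argument to a %s directive.
sub log_line_safe {
    my ($user) = @_;
    return sprintf("login failed for %s", $user);
}

# Fallback for APIs where the text must be embedded in the format:
# double every % so it is treated as a literal percent sign.
sub escape_format {
    my ($text) = @_;
    $text =~ s/%/%%/g;
    return $text;
}

# Constructed sample input: a harmless name that happens to contain "%s".
my $user = 'bob 100%sure';

# The "%s" inside the name is consumed as a directive and the record is mangled.
print "unsafe : ", log_line_unsafe($user), "\n";

# The name is reproduced exactly as supplied.
print "safe   : ", log_line_safe($user), "\n";

# Escaping first also preserves the name when a constant format is not possible.
print "escaped: ", sprintf("login failed for " . escape_format($user)), "\n";
```

The same rule applies to any Perl call that takes a format, including printf and the syslog function in Sys::Syslog: keep the format a literal and pass user-supplied data only as arguments.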