Perl open to format string security hole

Posted: 10:30 30 Nov 2005
Topics: Security Flaws & Exploits | Programming Languages | Perl | Operating Systems

The Perl scripting language is susceptible to a new type of security vulnerability that lets remote attackers execute their own code.

Perl is a scripting language widely used for web applications, and is often used on servers that run the Linux operating system.

Security researcher Dyad Security has warned of a "format string vulnerability" in Webmin, an administration utility written in Perl.

Using this vulnerability, an attacker can potentially gain complete control over a server running the vulnerable software.

Format strings are used by programmers to specify how output should be formatted in an application. A flaw can occur when a programmer uses the strings incorrectly.


Such a mistake can lead to an attacker being able to read from and write to memory on the system running the application, allowing them to execute the code of their choice.
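The mistake described above, shown in Perl as an added example that is not taken from Webmin or from Dyad Security's advisory: untrusted text used as the format string is interpreted as directives, while the same text passed as an argument to a constant format is not. The function names and sample values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: values that might arrive in a request field.
# The last one is entirely benign-looking but still contains a '%'.
my @values = ('alice', 'bob%s%d', '100% done');

# UNSAFE: untrusted data is spliced into the format string itself, so any
# directive it contains is interpreted by sprintf.
sub format_unsafe {
    my ($value) = @_;
    no warnings;    # silence "Missing argument in sprintf" for the demo
    return sprintf("login failed for $value");
}

# SAFE: the format is a constant; untrusted data is only ever an argument.
sub format_safe {
    my ($value) = @_;
    return sprintf('login failed for %s', $value);
}

# For interfaces that accept only a format string, neutralise '%' first.
sub escape_format {
    my ($text) = @_;
    (my $escaped = $text) =~ s/%/%%/g;
    return $escaped;
}

for my $value (@values) {
    my $unsafe  = format_unsafe($value);
    my $safe    = format_safe($value);
    my $escaped = sprintf('login failed for ' . escape_format($value));
    my $note    = $unsafe eq $safe ? '' : '   <-- altered by directives in the input';

    printf "input   : %s\n",   $value;
    printf "unsafe  : %s%s\n", $unsafe, $note;
    printf "safe    : %s\n",   $safe;
    printf "escaped : %s\n\n", $escaped;
}
```

The same rule applies to any Perl function that takes a format argument, such as `printf` and `Sys::Syslog`'s `syslog`: keep the format a literal and pass external data only as arguments.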

Users of Webmin are being urged to upgrade to the latest version of the utility, and to be more cautious about the format strings used.

