 
PerlMonks  

XML DOS vulnerability?

by doom (Deacon)
on Aug 07, 2009 at 20:02 UTC ( #786907=perlquestion )
doom has asked for the wisdom of the Perl Monks concerning the following question:

There's a story going around about DOS vulnerabilities in common XML libraries.

How does this relate to Perl's XML tools? Which ones would be affected by this issue?

Re: XML DOS vulnerability?
by Anonymous Monk on Aug 08, 2009 at 03:46 UTC
    Since CERT-FI hasn't mentioned Perl, no Perl XML tools are vulnerable, maybe :) Who knows? Probably the same vulnerabilities exist.

      The report indicates vulnerabilities for:

      • Python with libexpat
      • Xerces
      • Sun JRE built-in XML parser

      AFAIK, of these, only libexpat is widely used in Perl. If your code makes use of XML::Parser, you probably have the same vulnerability.

      The main alternative, XML::LibXML, is based on libxml2, which was not mentioned in the report, so it might be safe.

        The CERT report does cite libxml2 now as well, so this seems to be a very pervasive issue.

        Patches for libxml2 can be found in this Bugzilla ticket against 2.5.10, 2.6.16, and 2.6.26. It does not appear that this fix has been rolled into an official release yet.
Re: XML DOS vulnerability?
by DrHyde (Prior) on Aug 10, 2009 at 09:32 UTC
