in reply to Re^2: Patch an old Perl version
in thread Patch an old Perl version
Specifically, the REHASH attack is *proven*, (or there would be no one-line test for it)
Sorry n'all, but that is rubbish.
*All* your one liner demonstrates is: does this perl contain that change/patch? Nothing -- literally nothing -- more.
It in no way makes any attempt to demonstrate why the patch might be needed.
It simple demonstrates that something is different; without giving any indication of how -- or even whether -- the changed behaviour is an improvement in some way.
, requires no probing, and far from being "almost impossible" is actually trivial execute.
Again. A bland statement unsubstantiated by your post; your paper; the text of CVE-2013-1667; or anything else that you've have said publicly on the subject(*).
To attack various web platforms one would simply construct an URL containing the right keys as parameters to the request, and since the proof of concept attack requires only chars in "a-z" doing this is trivial.
Again. This is so trivialised a scenario as to be meaningless.
A whole bunch of reasoning deleted; let's cut to the chase ...
So, if I send you a url of a perl script running on my machine under an unpatched version of Perl; you'll make it crash in short order?
*that I've been able to find. After months of looking!
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^4: Patch an old Perl version
by demerphq (Chancellor) on Nov 10, 2013 at 23:18 UTC | |
by BrowserUk (Patriarch) on Nov 10, 2013 at 23:31 UTC | |
by Discipulus (Canon) on Nov 11, 2013 at 09:02 UTC | |
by BrowserUk (Patriarch) on Nov 11, 2013 at 16:19 UTC | |
by demerphq (Chancellor) on Nov 15, 2013 at 12:16 UTC | |
| |
Re^4: Patch an old Perl version
by rjbs (Pilgrim) on Nov 12, 2013 at 17:47 UTC | |
by BrowserUk (Patriarch) on Nov 12, 2013 at 17:56 UTC | |
by demerphq (Chancellor) on Nov 15, 2013 at 12:12 UTC | |
by BrowserUk (Patriarch) on Nov 15, 2013 at 14:58 UTC |