|
|
|
| The stupid question is the question not asked | |
| PerlMonks |
comment on |
| ( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Specifically, the REHASH attack is *proven*, (or there would be no one-line test for it) Sorry n'all, but that is rubbish. *All* your one liner demonstrates is: does this perl contain that change/patch? Nothing -- literally nothing -- more. It in no way makes any attempt to demonstrate why the patch might be needed. It simple demonstrates that something is different; without giving any indication of how -- or even whether -- the changed behaviour is an improvement in some way. , requires no probing, and far from being "almost impossible" is actually trivial execute. Again. A bland statement unsubstantiated by your post; your paper; the text of CVE-2013-1667; or anything else that you've have said publicly on the subject(*).
To attack various web platforms one would simply construct an URL containing the right keys as parameters to the request, and since the proof of concept attack requires only chars in "a-z" doing this is trivial. Again. This is so trivialised a scenario as to be meaningless. A whole bunch of reasoning deleted; let's cut to the chase ... So, if I send you a url of a perl script running on my machine under an unpatched version of Perl; you'll make it crash in short order? *that I've been able to find. After months of looking! With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.
In reply to Re^3: Patch an old Perl version
by BrowserUk
|
|