
Re: Is perl still the No.1 language for sysadmin?



On Tue 04 Apr 2023 at 13:37:27 (-0400), Greg Wooledge wrote:
> On Tue, Apr 04, 2023 at 06:29:50PM +0100, debian-user@howorth.org.uk wrote:
> > But cropping and ignoring the actual point of Stefan's mail rather
> > misses the point and insults him. For example, three CVEs chosen at
> > random from the 'vim' list:
> > 
> > CVE-2010-3481 	Multiple SQL injection vulnerabilities in
> > login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is
> > disabled, allow remote attackers to execute arbitrary SQL commands via
> > the (1) user_name and (2) password variables, possibly related to
> > include/classes/Login.php. NOTE: some of these details are obtained
> > from third party information. NOTE: the password vector might not be
> > vulnerable.
> > 
> > CVE-2010-2704 	Buffer overflow in HP OpenView
> > Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to
> > execute arbitrary code via a long HTTP request to nnmrptconfig.exe.
> > 
> > CVE-2010-2703 	Stack-based buffer overflow in the execvp_nc
> > function in the ov.dll module in HP OpenView Network Node Manager (OV
> > NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to
> > execute arbitrary code via a long HTTP request to webappmon.exe. 
> > 
> > FWIW, the word SQL appears 127 times in the 'vim' CVEs, and the word
> > 'vim' doesn't appear in most so I'm not sure how helpful these numbers
> > actually are.
> 
> The word "via" appears in all three of your selections.  That makes me
> think that the web site is using some kind of a "close-enough match"
> heuristic, and is (unhelpfully) matching "via" as close enough to "vim".

I don't think the connection is even as incidental as that.
There apparently exists a VIM list that raises and discusses
bugs, among which are vulnerabilities. References in the CVE
list are given to help distinguish between vulnerabilities, and
these references contain the name of that VIM list, and others.
So it's just a case of shooting the messenger.

Cheers,
David.
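One way to check David's explanation on a feed of your own, as an added example that is not from the thread: classify each keyword hit by whether it lands in the CVE description or only in a reference name, using whole-word matching so that "vim" cannot match "via". The three 2010 descriptions are abridged from the mail; the reference strings and the fourth record are constructed placeholders, not real CVE data.

```python
import re
from collections import Counter

# Constructed sample records in the style of the CVE entries quoted in the
# thread. Descriptions of the three 2010 CVEs are abridged from the mail;
# the reference strings and the last record are placeholders, not real data.
SAMPLE_CVES = [
    {"id": "CVE-2010-3481",
     "description": "Multiple SQL injection vulnerabilities in login.php in "
                    "ApPHP PHP MicroCMS 1.0.1 allow remote attackers to execute "
                    "arbitrary SQL commands via the user_name and password variables.",
     "references": ["VIM:placeholder-thread-1", "BID:placeholder"]},
    {"id": "CVE-2010-2704",
     "description": "Buffer overflow in HP OpenView Network Node Manager 7.51 and "
                    "7.53 allows remote attackers to execute arbitrary code via a "
                    "long HTTP request to nnmrptconfig.exe.",
     "references": ["VIM:placeholder-thread-2"]},
    {"id": "CVE-2010-2703",
     "description": "Stack-based buffer overflow in the execvp_nc function in ov.dll "
                    "in HP OpenView Network Node Manager 7.51 and 7.53 allows remote "
                    "attackers to execute arbitrary code via a long HTTP request.",
     "references": ["VIM:placeholder-thread-3"]},
    {"id": "CVE-0000-0000",  # constructed editor record, not a real CVE
     "description": "Heap-based buffer overflow in the Vim text editor when "
                    "opening a crafted file.",
     "references": ["MISC:placeholder-editor-advisory"]},
]

def word_in(text, word):
    """Whole-word, case-insensitive match: 'vim' must not match 'via'."""
    return re.search(rf"\b{re.escape(word)}\b", text, re.IGNORECASE) is not None

def classify(cve, keyword):
    """Where did the keyword hit: the description, only a reference, or nowhere?"""
    if word_in(cve["description"], keyword):
        return "description"
    if any(word_in(ref, keyword) for ref in cve["references"]):
        return "reference-only"
    return "none"

def triage(cves, keyword):
    """Map each CVE id to its hit class; reference-only hits can then be dropped."""
    return {c["id"]: classify(c, keyword) for c in cves}

def summary(cves, keyword):
    """Counts per hit class, e.g. how many 'vim' hits are really about Vim."""
    return dict(Counter(triage(cves, keyword).values()))
```

Run `summary(SAMPLE_CVES, "vim")` to see that three of the four hits come only from the reference list name, which is the effect the thread describes.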

