 |
with SecurityTracker! | |
|
|
with SecurityTracker! | |
| Home | View Topics | Search | |
|
|
| Category: Application (Generic) > Perl | Vendors: Wall, Larry |
|
(Red Hat Issues Fix) Perl Safe Module (Safe::reval and Safe::rdo) Can Be Bypassed
| ||
| SecurityTracker Alert ID: 1024065 | ||
| SecurityTracker URL: https://securitytracker.com/id/1024065 | ||
| CVE Reference: CVE-2010-1168 (Links to External Site) | ||
|
Date: Jun 8 2010
| ||
|
Impact:
User access via local system | ||
|
Fix Available: Yes Vendor Confirmed: Yes | ||
|
Version(s): 5.10.0 and prior | ||
|
Description:
A vulnerability was reported in Perl. A local user can bypass certain safe module restrictions. Implicitly called methods (e.g., DESTROY, AUTOLOAD) are not properly restricted by Safe::reval and Safe::rdo. A local user can run a specially crafted Perl script within a Safe compartment to execute those methods without restriction. Safe.pm version 2.24 and prior versions are affected. Nick Cleaton reported this vulnerability. | ||
|
Impact:
A local user can bypass certain safe module restrictions. | ||
|
Solution:
Red Hat has issued a fix. The Red Hat advisory is available at: https://rhn.redhat.com/errata/RHSA-2010-0458.html | ||
|
Vendor URL: cpan.org/ (Links to External Site)
| ||
|
Cause:
Access control error | ||
| Underlying OS: Linux (Red Hat Enterprise) | ||
| Underlying OS Comments: 5 | ||
|
| ||
Message History:
This archive entry is a follow-up to the message listed below.
| ||
Source Message Contents | ||
|
Subject: [RHSA-2010:0458-02] Moderate: perl security update | ||
| ||