The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


OpenLinux: Perl Safe.pm unsafe access


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Fri, 20 Feb 2004 12:35:57 -0800 (PST)
From: [email protected]
To: [email protected], [email protected],
Subject: OpenLinux: Perl Safe.pm unsafe access


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: Perl Safe.pm unsafe access
Advisory number: 	CSSA-2004-007.0
Issue date: 		2004 February 20
Cross reference:	sr887196 fz528498 erg712494 CAN-2002-1323
______________________________________________________________________________


1. Problem Description

	When Perl code is executed within a Safe compartment, it cannot
	access variables outside of the compartment unless the outside
	code chooses to share the variables with the code inside the
	compartment. 

	If code inside a Safe compartment is executed via Safe->reval() 
	twice, it is able to change its operation mask the second time. 
	This could allow the code to access variables outside the Safe 
	compartment. 

	Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may 
	allow attackers to break out of safe compartments in (1) Safe::reval 
	or (2) Safe::rdo using a redefined @_ variable, which is not reset 
	between successive calls.

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2002-1323 to this issue.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------
	OpenLinux 3.1.1 Server		prior to perl-5.8.3-1.i386.rpm
					prior to perl-add-5.8.3-1.i386.rpm
					prior to perl-man-5.8.3-1.i386.rpm
					prior to perl-pod-5.8.3-1.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to perl-5.8.3-1.i386.rpm
					prior to perl-add-5.8.3-1.i386.rpm
					prior to perl-man-5.8.3-1.i386.rpm
					prior to perl-pod-5.8.3-1.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-007.0/RPMS

	4.2 Packages

	8fc1043f58ddc9f2c48a392e3a9e5707	perl-5.8.3-1.i386.rpm
	c52377b6aa6ba00169108fdf1060e239	perl-add-5.8.3-1.i386.rpm
	cb4dbc39349ea672b47bfc776f3b0fa4	perl-man-5.8.3-1.i386.rpm
	010741a985deaf7e2b8a289d3e4b4b8b	perl-pod-5.8.3-1.i386.rpm

	4.3 Installation

	rpm -Fvh perl-5.8.3-1.i386.rpm
	rpm -Fvh perl-add-5.8.3-1.i386.rpm
	rpm -Fvh perl-man-5.8.3-1.i386.rpm
	rpm -Fvh perl-pod-5.8.3-1.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-007.0/SRPMS

	4.5 Source Packages

	aa44c605f0c3c82cef1096c2c9f1e958	perl-5.8.3-1.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-007.0/RPMS

	5.2 Packages

	21a823ce2022d2c3a69848b48d06d9de	perl-5.8.3-1.i386.rpm
	77b22dc0bdf24d927e635e76f4706a05	perl-add-5.8.3-1.i386.rpm
	eb60dd4c6abc0f4b9894ea6a1473ffdc	perl-man-5.8.3-1.i386.rpm
	357d02c4844793bc36b7e92c41bb2e26	perl-pod-5.8.3-1.i386.rpm

	5.3 Installation

	rpm -Fvh perl-5.8.3-1.i386.rpm
	rpm -Fvh perl-add-5.8.3-1.i386.rpm
	rpm -Fvh perl-man-5.8.3-1.i386.rpm
	rpm -Fvh perl-pod-5.8.3-1.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-007.0/SRPMS

	5.5 Source Packages

	6b1fdec04ed3c6d4de7b0c65528e71cd	perl-5.8.3-1.src.rpm


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
		http://www.iss.net/security_center/static/10574.php
		http://www.securityfocus.com/bid/6111
		http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
		http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
		http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744


	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr887196 fz528498
	erg712494.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	SCO would like to thank Andreas Jurenda

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFANmqybluZssSXDTERAlihAKDJmttTCjq9c0C1Fuaa6mDV6n6y2QCbBbNa
xtexYEHCq6tX0LaYTCREjkQ=
=ld1L
-----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру