ISS X-Force Database: safe-pm-bypass-restrictions(10574): Safe.pm could allow an attacker to bypass access restrictions

Safe.pm could allow an attacker to bypass access restrictions

safe-pm-bypass-restrictions (10574)

Medium Risk

Description:

Safe.pm could allow a remote or local attacker to bypass access restrictions, and possibly execute code outside of the restricted environment. If the Safe compartment has been used at least once, an attacker could modify the "@_" variable to modify the compartment's mask, which would allow the attacker to execute code outside of the restricted compartment the next time Safe.pm is used.

Consequences:

Bypass Security

Remedy:

Upgrade to the latest version of Safe.pm (2.09 or later), available from the CPAN Web site. See References.

For Debian GNU/Linux:
Upgrade to the latest version of perl, perl 5.004, or perl 5.005 package, as listed below. Refer to DSA-208-1 for more information. See References.

perl 5.004:
Debian GNU/Linux 2.2 (potato): 5.004.05-6.2 or later

perl 5.005:
Debian GNU/Linux 2.2 (potato): 5.005.03-7.2 or later

perl:
Debian GNU/Linux 3.0 (woody): 5.6.1-8.2 or later

For OpenPKG:
Upgrade to the latest perl package, as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2002.014 for more information. See References.

OpenPKG 1.0: 5.6.1-1.0.2 or later
OpenPKG 1.1: 5.6.1-1.1.1 or later
OpenPKG CURRENT: 5.8.0-20021216 or later

For Trustix Secure Linux 1.01, 1.1, 1.2, and 1.5:
Upgrade to the latest perl package (5.00503-14tr or later), as listed in Trustix Secure Linux Security Advisory #2002-0087 for more information. See References.

For Gentoo Linux:
Upgrade versions sys-devel/perl-5.6.1-r9 and earlier or sys-devel/5.8.0-r5 or earlier, as listed in Gentoo Linux Security Announcement 200212-6. See References.

For Red Hat Linux:
Upgrade to the latest perl package, as listed below. Refer to RHSA-2003:256-15 for more information. See References.

Red Hat 7.1 for iSeries and pSeries: 5.6.1-36.1.71 or later
Red Hat 7.2: 5.6.1-36.1.72 or later
Red Hat 7.3: 5.6.1-36.1.73 or later
Red Hat 8.0: 5.8.0-88.3 or later
Red Hat 9: 5.8.0-88.3 or later

For Red Hat Linux containing the perl package:
Upgrade to the latest perl package, as listed below. Refer to RHSA-2003:257-12 for more information. See References.

Red Hat Enterprise Linux AS (v. 2.1), ES (v.2.1), WS (v.2.1), and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor: 5.6.1-36.1.99ent or later

For SGI IRIX:
Apply the patch for this vulnerability, as listed in SGI Security Advisory 20031002-01-U. See References.

For Caldera OpenLinux 3.1.1 Server and Workstation:
Upgrade to the latest perl package, as listed below. Refer to SCO Security Advisory CSSA-2004-007.0 for more information. See References.

Caldera OpenLinux 3.1.1 Server and Workstation: 5.8.3-1 or later

For Caldera UnixWare 7.1.3 and 7.1.1, and OpenUnix 8.0.0:
Upgrade to the latest perl package, as listed below. Refer to SCO Security Advisory CSSA-2004-1 for more information. See References.

Caldera OpenLinux 7.1.3 and 7.1.1, and OpenUnix 8.0.0: 5.00404 or later

For other distributions:
Contact your vendor for upgrade or patch information.

References:

CIAC Information Bulletin N-155: Red Hat Updated Perl packages fix security issues.
CPAN Web site: search.cpan.org: Safe - Compile and execute code in restricted compartments.
Gentoo Linux Security Announcement 200212-6: perl -- broken safe compartment.
SCO Security Advisory CSSA-2004-007.0: OpenLinux: Perl Safe.pm unsafe access.
SCO Security Advisory SCOSA-2004.1: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment. (From LinuxSecurity archive)
SGI Security Advisory 20030606-01-A: Perl "Safe.pm" vulnerability.
SGI Security Advisory 20031002-01-U: SGI Advanced Linux Environment security update #3.
Trustix Secure Linux Security Advisory #2002-0087: perl -- Safe compartments not being safe.
VulnWatch Mailing List, Tue Nov 05 2002 - 23:59:18 CST : Perl Safe.pm compartment reuse vuln .
BID-6111: Safe.PM Unsafe Code Execution Vulnerability
CVE-2002-1323: Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
DSA-208: perl -- broken safe compartment
OpenPKG-SA-2002.014: Perl Safe.pm
OSVDB ID: 2183: Perl Safe.pm Access Bypass
OSVDB ID: 3814: Multiple Unix Vendor passwd Malformed ulimit /etc/passwd Manipulation
RHSA-2003-256: Updated Perl packages fix security issues.
RHSA-2003-257: perl security update

Platforms Affected:

Debian Debian Linux 2.2
Debian Debian Linux 3.0
Gentoo Linux
Malcolm Beattie Safe.pm prior to 2.08
OpenPKG OpenPKG 1.0
OpenPKG OpenPKG 1.1
OpenPKG OpenPKG CURRENT
RedHat Enterprise Linux 2.1 ES
RedHat Enterprise Linux 2.1 AS
RedHat Enterprise Linux 2.1 WS
RedHat Enterprise Linux 2.1 AW
RedHat Linux 7.1
RedHat Linux 7.1 for iSeries
RedHat Linux 7.1 for pSeries
RedHat Linux 7.2
RedHat Linux 7.3
RedHat Linux 8.0
RedHat Linux 9.0
RedHat Linux Advanced Workstation 2.1 Itanium
SCO Caldera OpenLinux 7.1.1
SCO Caldera OpenLinux 7.1.3
SCO Caldera OpenLinux Server 3.1.1
SCO Caldera OpenLinux Workstation 3.1.1
SCO Caldera OpenUnix 8.0.0
SGI IRIX 2.2.1
SGI IRIX 2.3
Trustix Secure Linux 1.01
Trustix Secure Linux 1.1
Trustix Secure Linux 1.2
Trustix Secure Linux 1.5

Reported:

Nov 05, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page