Summary
The Perl Safe module is prone to multiple restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary Perl code outside of the restricted root.
Versions prior to Safe 2.25 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
- http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html
- http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes
- http://search.cpan.org/~rgarcia/Safe-2.27/Safe.pm
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1168
- https://www.securityfocus.com/bid/40302
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2010-1168 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
- Adobe Air Remote Code Execution Vulnerability -June13 (Windows)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)