漏洞信息详情
Safe.PM执行不安全代码漏洞
- CNNVD编号:CNNVD-200212-019
- 危害等级: 中危
- CVE编号: CVE-2002-1323
- 漏洞类型: 访问验证错误
- 发布时间: 2002-12-11
- 威胁类型: 本地
- 更新时间: 2005-05-17
- 厂 商: sgi
- 漏洞来源: Discovery of this ...
漏洞简介
用于Perl 5.8.0及其早期版本的Safe.pm 2.0.7及其早期版本存在漏洞。攻击者可以利用该漏洞突破(1)Safe::reval或(2)Safe::rdo使用重新定义@_变量中的安全隔间 ,该变量在两次成功的调用间隔内不被重置。
漏洞公告
See the referenced vendor advisories for additional details. NOTE: Fixes are available. Sun Solaris 9
- Sun 119449-01 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119449-01-1
- Sun 119450-01 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119450-01-1
- Sun 122092-01 http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -122092-01-1
- Debian libperl-dev_5.6.1-8.2_alpha.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_alpha.deb
- Debian libperl-dev_5.6.1-8.2_arm.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_arm.deb
- Debian libperl-dev_5.6.1-8.2_hppa.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_hppa.deb
- Debian libperl-dev_5.6.1-8.2_i386.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_i386.deb
- Debian libperl-dev_5.6.1-8.2_ia64.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_ia64.deb
- Debian libperl-dev_5.6.1-8.2_m68k.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_m68k.deb
- Debian libperl-dev_5.6.1-8.2_mips.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_mips.deb
- Debian libperl-dev_5.6.1-8.2_mipsel.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_mipsel.deb
- Debian libperl-dev_5.6.1-8.2_powerpc.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_powerpc.deb
- Debian libperl-dev_5.6.1-8.2_s390.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_s390.deb
- Debian libperl-dev_5.6.1-8.2_sparc.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1- 8.2_sparc.deb
- Debian libperl5.6_5.6.1-8.2_alpha.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_alpha.deb
- Debian libperl5.6_5.6.1-8.2_arm.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_arm.deb
- Debian libperl5.6_5.6.1-8.2_hppa.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_hppa.deb
- Debian libperl5.6_5.6.1-8.2_i386.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_i386.deb
- Debian libperl5.6_5.6.1-8.2_ia64.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_ia64.deb
- Debian libperl5.6_5.6.1-8.2_m68k.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_m68k.deb
- Debian libperl5.6_5.6.1-8.2_mipsel.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_mipsel.deb
- Debian libperl5.6_5.6.1-8.2_powerpc.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_powerpc.deb
- Debian libperl5.6_5.6.1-8.2_s390.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_s390.deb
- Debian libperl5.6_5.6.1-8.2_sparc.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8 .2_sparc.deb
- Debian perl-5.004-base_5.004.05-6.2_alpha.deb http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-b ase_5.004.05-6.2_alpha.deb
- Debian perl-5.004-base_5.004.05-6.2_arm.deb http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-b ase_5.004.05-6.2_arm.deb
- Debian perl-5.004-base_5.004.05-6.2_i386.deb http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-b ase_5.004.05-6.2_i386.deb
- Debian perl-5.004-base_5.004.05-6.2_m68k.deb http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-b ase_5.004.05-6.2_m68k.deb
-
Debian perl-5.004-base_5.004.05-6.2_p
参考网址
来源: BID 名称: 6111 链接:http://www.securityfocus.com/bid/6111 来源: DEBIAN 名称: DSA-208 链接:http://www.debian.org/security/2002/dsa-208 来源: use.perl.org 链接:http://use.perl.org/articles/02/10/06/1118222.sHTML?tid=5 来源: XF 名称: safe-pm-bypass-restrictions(10574) 链接:http://www.iss.net/security_center/static/10574.php 来源: BUGTRAQ 名称: 20021219 TSLSA-2002-0087 - perl 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104033126305252&w=2 来源: bugs6.perl.org 链接:http://bugs6.perl.org/rt2/Ticket/Display.HTML?id=17744 来源: REDHAT 名称: RHSA-2003:257 链接:http://www.redhat.com/support/errata/RHSA-2003-257.HTML 来源: REDHAT 名称: RHSA-2003:256 链接:http://www.redhat.com/support/errata/RHSA-2003-256.HTML 来源: OSVDB 名称: 3814 链接:http://www.osvdb.org/3814 来源: OSVDB 名称: 2183 链接:http://www.osvdb.org/2183 来源: BUGTRAQ 名称: 20021220 GLSA: perl 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104040175522502&w=2 来源: BUGTRAQ 名称: 20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104005919814869&w=2 来源: VULNWATCH 名称: 20021105 Perl Safe.pm compartment reuse vuln 链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.HTML 来源: SGI 名称: 20030606-01-A 链接:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A 来源: SCO 名称: SCOSA-2004.1 链接:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt 来源: CALDERA 名称: CSSA-2004-007.0 链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt 来源: US Government Resource: oval:org.mitre.oval:def:1160 名称: oval:org.mitre.oval:def:1160 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1160
受影响实体
- Sgi Irix:6.5.8
- Sgi Irix:6.5.9
- Sgi Irix:6.5.10
- Sgi Irix:6.5.11
- Sgi Irix:6.5.12
补丁
暂无
评论