Vulnerabilities > CVE-2002-1323
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
Application | 1 | |
OS | Sgi
| 31 |
OS | 7 | |
OS | 3 | |
OS | 4 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-208.NASL description A security hole has been discovered in Safe.pm which is used in all versions of Perl. The Safe extension module allows the creation of compartments in which perl code can be evaluated in a new namespace and the code evaluated in the compartment cannot refer to variables outside this namespace. However, when a Safe compartment has already been used, there last seen 2020-06-01 modified 2020-06-02 plugin id 15045 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15045 title Debian DSA-208-1 : perl - broken safe compartment code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-208. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15045); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2002-1323"); script_bugtraq_id(6111); script_xref(name:"DSA", value:"208"); script_name(english:"Debian DSA-208-1 : perl - broken safe compartment"); script_summary(english:"Checks dpkg output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A security hole has been discovered in Safe.pm which is used in all versions of Perl. The Safe extension module allows the creation of compartments in which perl code can be evaluated in a new namespace and the code evaluated in the compartment cannot refer to variables outside this namespace. However, when a Safe compartment has already been used, there's no guarantee that it is Safe any longer, because there's a way for code to be executed within the Safe compartment to alter its operation mask. Thus, programs that use a Safe compartment only once aren't affected by this bug." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-208" ); script_set_attribute( attribute:"solution", value: "Upgrade the Perl packages. This problem has been fixed in version 5.6.1-8.2 for the current stable distribution (woody), in version 5.004.05-6.2 and 5.005.03-7.2 for the old stable distribution (potato) and in version 5.8.0-14 for the unstable distribution (sid)." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl-5.004"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl-5.005"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2002/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"perl-5.004", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.004-base", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.004-debug", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.004-doc", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.004-suid", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-base", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-debug", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-doc", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-suid", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-thread", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"3.0", prefix:"libcgi-fast-perl", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"libperl-dev", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"libperl5.6", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-base", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-debug", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-doc", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-modules", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-suid", reference:"5.6.1-8.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-257.NASL description Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available. Perl is a high-level programming language commonly used for system administration utilities and Web programming. Two security issues have been found in Perl that affect the Perl packages shipped with Red Hat Enterprise Linux : When safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and earlier, it is possible for an attacker to break out of safe compartments within Safe::reval and Safe::rdo by using a redefined @_ variable. This is due to the fact that the redefined @_ variable is not reset between successive calls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1323 to this issue. A cross-site scripting vulnerability was discovered in the start_form() function of CGI.pm. The vulnerability allows a remote attacker to insert a Web script via a URL fed into the form last seen 2020-06-01 modified 2020-06-02 plugin id 12415 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12415 title RHEL 2.1 : perl (RHSA-2003:257)
Oval
accepted | 2008-07-07T04:00:13.994-04:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
definition_extensions |
| ||||||||||||||||
description | Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. | ||||||||||||||||
family | unix | ||||||||||||||||
id | oval:org.mitre.oval:def:1160 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2006-09-22T05:52:00.000-04:00 | ||||||||||||||||
title | Safe.PM Unsafe Code Execution Vulnerability | ||||||||||||||||
version | 39 |
Redhat
advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
- ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
- http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
- http://marc.info/?l=bugtraq&m=104005919814869&w=2
- http://marc.info/?l=bugtraq&m=104033126305252&w=2
- http://marc.info/?l=bugtraq&m=104040175522502&w=2
- http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
- http://www.debian.org/security/2002/dsa-208
- http://www.iss.net/security_center/static/10574.php
- http://www.osvdb.org/2183
- http://www.osvdb.org/3814
- http://www.redhat.com/support/errata/RHSA-2003-256.html
- http://www.redhat.com/support/errata/RHSA-2003-257.html
- http://www.securityfocus.com/bid/6111
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1160