Vulnerabilities > CVE-2002-1323

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

Vulnerable Configurations

Part	Description	Count
Application	Safe.Pm Safe.Pm Safe.Pm 2.0_6 Safe.Pm Safe.Pm 2.0_7	2
Application	Sun SUN Linux 5.0.7	1
OS	Sgi SGI Irix 6.5 SGI Irix 6.5.1 SGI Irix 6.5.2 SGI Irix 6.5.3 SGI Irix 6.5.4 SGI Irix 6.5.5 SGI Irix 6.5.6 SGI Irix 6.5.7 SGI Irix 6.5.8 SGI Irix 6.5.9 SGI Irix 6.5.10 SGI Irix 6.5.11 SGI Irix 6.5.12 SGI Irix 6.5.13 SGI Irix 6.5.14 SGI Irix 6.5.15 SGI Irix 6.5.16 SGI Irix 6.5.17 SGI Irix 6.5.17F SGI Irix 6.5.17M SGI Irix 6.5.18 SGI Irix 6.5.18F SGI Irix 6.5.18M SGI Irix 6.5.19 SGI Irix 6.5.19F SGI Irix 6.5.19M SGI Irix 6.5.20F SGI Irix 6.5.20M SGI Irix 6.5.21F SGI Irix 6.5.21M SGI Irix 6.5.22	31
OS	Redhat Redhat Enterprise Linux 2.1 Redhat Linux Advanced Workstation 2.1	7
OS	Sco SCO Open Unix 8.0 SCO Unixware 7.1.2 SCO Unixware 7.1.3	3
OS	Sun SUN Solaris 8.0 SUN Solaris 9.0 SUN Sunos 5.8	4

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-208.NASL
description	A security hole has been discovered in Safe.pm which is used in all versions of Perl. The Safe extension module allows the creation of compartments in which perl code can be evaluated in a new namespace and the code evaluated in the compartment cannot refer to variables outside this namespace. However, when a Safe compartment has already been used, there
last seen	2020-06-01
modified	2020-06-02
plugin id	15045
published	2004-09-29
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15045
title	Debian DSA-208-1 : perl - broken safe compartment
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-208. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15045); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2002-1323"); script_bugtraq_id(6111); script_xref(name:"DSA", value:"208"); script_name(english:"Debian DSA-208-1 : perl - broken safe compartment"); script_summary(english:"Checks dpkg output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A security hole has been discovered in Safe.pm which is used in all versions of Perl. The Safe extension module allows the creation of compartments in which perl code can be evaluated in a new namespace and the code evaluated in the compartment cannot refer to variables outside this namespace. However, when a Safe compartment has already been used, there's no guarantee that it is Safe any longer, because there's a way for code to be executed within the Safe compartment to alter its operation mask. Thus, programs that use a Safe compartment only once aren't affected by this bug." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-208" ); script_set_attribute( attribute:"solution", value: "Upgrade the Perl packages. This problem has been fixed in version 5.6.1-8.2 for the current stable distribution (woody), in version 5.004.05-6.2 and 5.005.03-7.2 for the old stable distribution (potato) and in version 5.8.0-14 for the unstable distribution (sid)." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl-5.004"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl-5.005"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2002/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"perl-5.004", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.004-base", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.004-debug", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.004-doc", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.004-suid", reference:"5.004.05-6.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-base", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-debug", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-doc", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-suid", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"2.2", prefix:"perl-5.005-thread", reference:"5.005.03-7.2")) flag++; if (deb_check(release:"3.0", prefix:"libcgi-fast-perl", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"libperl-dev", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"libperl5.6", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-base", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-debug", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-doc", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-modules", reference:"5.6.1-8.2")) flag++; if (deb_check(release:"3.0", prefix:"perl-suid", reference:"5.6.1-8.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2003-257.NASL
description	Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available. Perl is a high-level programming language commonly used for system administration utilities and Web programming. Two security issues have been found in Perl that affect the Perl packages shipped with Red Hat Enterprise Linux : When safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and earlier, it is possible for an attacker to break out of safe compartments within Safe::reval and Safe::rdo by using a redefined @_ variable. This is due to the fact that the redefined @_ variable is not reset between successive calls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1323 to this issue. A cross-site scripting vulnerability was discovered in the start_form() function of CGI.pm. The vulnerability allows a remote attacker to insert a Web script via a URL fed into the form
last seen	2020-06-01
modified	2020-06-02
plugin id	12415
published	2004-07-06
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/12415
title	RHEL 2.1 : perl (RHSA-2003:257)

Oval

accepted

2008-07-07T04:00:13.994-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Nabil Ouchn
organization Security-Database
name Dragos Prisaca
organization Secure Elements, Inc.

definition_extensions

comment Solaris 8 (SPARC) is installed
oval oval:org.mitre.oval:def:1539
comment Solaris 8 (x86) is installed
oval oval:org.mitre.oval:def:2059
comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683

description

family

unix

oval:org.mitre.oval:def:1160

status

accepted

submitted

2006-09-22T05:52:00.000-04:00

title

Safe.PM Unsafe Code Execution Vulnerability

version

Redhat

advisories

rhsa
id RHSA-2003:256
rhsa
id RHSA-2003:257

Vulnerabilities > CVE-2002-1323 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2002-1323"}]}

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References

Vulnerabilities > CVE-2002-1323