CVE-2002-1323
CVSS 4.6
Published: 2002-12-11 00:00:00
Last revised: 2016-10-17 22:25:57

[Original] Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.


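[CNNVD] Safe.PM Unsafe Code Execution Vulnerability (CNNVD-200212-019)

        Safe.pm 2.0.7 and earlier, as used in Perl 5.8.0 and earlier, contains a vulnerability. An attacker can exploit it to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.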

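- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]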

- CPE (affected platforms and products)

cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sgi:irix:6.5.18m  SGI IRIX 6.5.18m
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:sun:solaris:8.0::x86
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:sgi:irix:6.5  SGI IRIX 6.5
cpe:/o:sgi:irix:6.5.20m  SGI IRIX 6.5.20m
cpe:/o:sgi:irix:6.5.19  SGI IRIX 6.5.19
cpe:/a:sun:linux:5.0.7
cpe:/o:sgi:irix:6.5.15  SGI IRIX 6.5.15
cpe:/o:sgi:irix:6.5.18  SGI IRIX 6.5.18
cpe:/o:sgi:irix:6.5.22  SGI IRIX 6.5.22
cpe:/o:sco:open_unix:8.0
cpe:/o:sgi:irix:6.5.18f  SGI IRIX 6.5.18f
cpe:/o:redhat:linux_advanced_workstation:2.1  Red Hat Linux Advanced Workstation 2.1
cpe:/o:sun:solaris:8.0
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:sgi:irix:6.5.19m  SGI IRIX 6.5.19m
cpe:/o:sgi:irix:6.5.17m  SGI IRIX 6.5.17m
cpe:/o:sgi:irix:6.5.21f  SGI IRIX 6.5.21f
cpe:/o:sgi:irix:6.5.2  SGI IRIX 6.5.2
cpe:/o:sgi:irix:6.5.7  SGI IRIX 6.5.7
cpe:/o:sgi:irix:6.5.8  SGI IRIX 6.5.8
cpe:/o:sgi:irix:6.5.21m  SGI IRIX 6.5.21m
cpe:/o:sgi:irix:6.5.5  SGI IRIX 6.5.5
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:sgi:irix:6.5.3  SGI IRIX 6.5.3
cpe:/o:sgi:irix:6.5.4  SGI IRIX 6.5.4
cpe:/o:sco:unixware:7.1.3
cpe:/o:sgi:irix:6.5.1  SGI IRIX 6.5.1
cpe:/o:sco:unixware:7.1.2
cpe:/o:sgi:irix:6.5.11  SGI IRIX 6.5.11
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:sgi:irix:6.5.16  SGI IRIX 6.5.16
cpe:/a:safe.pm:safe.pm:2.0_6
cpe:/o:sgi:irix:6.5.17  SGI IRIX 6.5.17
cpe:/o:sgi:irix:6.5.14  SGI IRIX 6.5.14
cpe:/o:sgi:irix:6.5.6  SGI IRIX 6.5.6
cpe:/o:sgi:irix:6.5.12  SGI IRIX 6.5.12
cpe:/o:sgi:irix:6.5.17f  SGI IRIX 6.5.17f
cpe:/o:sgi:irix:6.5.13  SGI IRIX 6.5.13
cpe:/o:sgi:irix:6.5.10  SGI IRIX 6.5.10
cpe:/o:sgi:irix:6.5.9  SGI IRIX 6.5.9
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:sgi:irix:6.5.19f  SGI IRIX 6.5.19f
cpe:/a:safe.pm:safe.pm:2.0_7
cpe:/o:sgi:irix:6.5.20f  SGI IRIX 6.5.20f

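- OVAL (technical details for detection)

oval:org.mitre.oval:def:1160  Safe.PM Unsafe Code Execution Vulnerability
*OVAL describes in detail how to detect this vulnerability; further technical details on detection can be found in the relevant OVAL definition.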

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1323
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1323
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-019
(official data source) CNNVD

- Other links and resources

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
(UNKNOWN)  CALDERA  CSSA-2004-007.0
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
(UNKNOWN)  SCO  SCOSA-2004.1
ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
(UNKNOWN)  SGI  20030606-01-A
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
(UNKNOWN)  VULNWATCH  20021105 Perl Safe.pm compartment reuse vuln
http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
(UNKNOWN)  CONFIRM  http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
http://marc.info/?l=bugtraq&m=104005919814869&w=2
(UNKNOWN)  BUGTRAQ  20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)
http://marc.info/?l=bugtraq&m=104033126305252&w=2
(UNKNOWN)  BUGTRAQ  20021219 TSLSA-2002-0087 - perl
http://marc.info/?l=bugtraq&m=104040175522502&w=2
(UNKNOWN)  BUGTRAQ  20021220 GLSA: perl
http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
(PATCH)  CONFIRM  http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
http://www.debian.org/security/2002/dsa-208
(VENDOR_ADVISORY)  DEBIAN  DSA-208
http://www.iss.net/security_center/static/10574.php
(VENDOR_ADVISORY)  XF  safe-pm-bypass-restrictions(10574)
http://www.redhat.com/support/errata/RHSA-2003-256.html
(UNKNOWN)  REDHAT  RHSA-2003:256
http://www.redhat.com/support/errata/RHSA-2003-257.html
(UNKNOWN)  REDHAT  RHSA-2003:257
http://www.securityfocus.com/bid/6111
(VENDOR_ADVISORY)  BID  6111

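- Vulnerability information

Safe.PM Unsafe Code Execution Vulnerability
Medium severity  Access validation error
2002-12-11 00:00:00 2005-05-17 00:00:00
Local
        Safe.pm 2.0.7 and earlier, as used in Perl 5.8.0 and earlier, contains a vulnerability. An attacker can exploit it to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.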

- Advisories and patches

        
        See the referenced vendor advisories for additional details.
        NOTE: Fixes are available.
        Sun Solaris 9
        Sun Solaris 9_x86
        Sun Solaris 8_x86
        Safe.pm Safe.pm 2.0 7
        

- Vulnerability information

2183
Perl Safe.pm Access Bypass

- Vulnerability description

Safe.pm contains a flaw that could allow a local or remote attacker to execute code outside of Safe.pm's restricted environment, called a compartment. If the compartment has been accessed at least once, an attacker could change the mask of the compartment to access code outside of the compartment.

- Timeline

2002-11-05 2002-11-05
Unknown Unknown

- Solution

Upgrade to the latest version of Safe.pm. Check your vendor's website for OS-specific updates, or check http://www.cpan.org

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Safe.PM Unsafe Code Execution Vulnerability
Access Validation Error 6111
No Yes
2002-11-06 12:00:00 2009-07-11 06:06:00
Discovery of this vulnerability credited to Andreas Jurenda (perlbug@perl.org).

- Affected software versions

Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Linux 5.0.7
SGI IRIX 6.5.22
SGI IRIX 6.5.21 m
SGI IRIX 6.5.21 f
SGI IRIX 6.5.20 m
SGI IRIX 6.5.20 f
SGI IRIX 6.5.19 m
SGI IRIX 6.5.19 f
SGI IRIX 6.5.19
SGI IRIX 6.5.18 m
SGI IRIX 6.5.18 f
SGI IRIX 6.5.18
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.17
SGI IRIX 6.5.16
SGI IRIX 6.5.15
SGI IRIX 6.5.14
SGI IRIX 6.5.13
SGI IRIX 6.5.12
SGI IRIX 6.5.11
SGI IRIX 6.5.10
SGI IRIX 6.5.9
SGI IRIX 6.5.8
SGI IRIX 6.5.7
SGI IRIX 6.5.6
SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5
SCO Unixware 7.1.3
SCO Unixware 7.1.2
SCO Open UNIX 8.0
Safe.pm Safe.pm 2.0 7
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ perl5porters Perl 5.8 .0
Safe.pm Safe.pm 2.0 6
+ perl5porters Perl 5.6.1
RedHat Linux Advanced Work Station 2.1
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Safe.pm Safe.pm 2.0 9
Safe.pm Safe.pm 2.0 8

- Unaffected software versions

Safe.pm Safe.pm 2.0 9
Safe.pm Safe.pm 2.0 8

- Vulnerability discussion

When Perl code is executed within a Safe compartment, it cannot access variables outside of the compartment unless the outside code chooses to share the variables with the code inside the compartment.

If code inside a Safe compartment is executed via 'Safe->reval()' twice, it can change its operation mask the second time. This could allow the code to access variables outside the Safe compartment.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution



See the referenced vendor advisories for additional details.

NOTE: Fixes are available.

Sun Solaris 9
Sun Solaris 9_x86
Sun Solaris 8_x86
Safe.pm Safe.pm 2.0 7
Safe.pm Safe.pm 2.0 6
Sun Linux 5.0.7
SCO Unixware 7.1.2
SCO Unixware 7.1.3
SCO Open UNIX 8.0

- Related references

 

 
