User: Password:
|
|
Subscribe / Log in / New account

SCO Group alert CSSA-2004-007.0 (safe.pm)

From:  please_reply_to_security@sco.com
To:  announce@lists.caldera.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com, security-alerts@linuxsecurity.com
Subject:  OpenLinux: Perl Safe.pm unsafe access
Date:  Fri, 20 Feb 2004 12:35:57 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenLinux: Perl Safe.pm unsafe access Advisory number: CSSA-2004-007.0 Issue date: 2004 February 20 Cross reference: sr887196 fz528498 erg712494 CAN-2002-1323 ______________________________________________________________________________ 1. Problem Description When Perl code is executed within a Safe compartment, it cannot access variables outside of the compartment unless the outside code chooses to share the variables with the code inside the compartment. If code inside a Safe compartment is executed via Safe->reval() twice, it is able to change its operation mask the second time. This could allow the code to access variables outside the Safe compartment. Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1323 to this issue. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to perl-5.8.3-1.i386.rpm prior to perl-add-5.8.3-1.i386.rpm prior to perl-man-5.8.3-1.i386.rpm prior to perl-pod-5.8.3-1.i386.rpm OpenLinux 3.1.1 Workstation prior to perl-5.8.3-1.i386.rpm prior to perl-add-5.8.3-1.i386.rpm prior to perl-man-5.8.3-1.i386.rpm prior to perl-pod-5.8.3-1.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-007.0/RPMS 4.2 Packages 8fc1043f58ddc9f2c48a392e3a9e5707 perl-5.8.3-1.i386.rpm c52377b6aa6ba00169108fdf1060e239 perl-add-5.8.3-1.i386.rpm cb4dbc39349ea672b47bfc776f3b0fa4 perl-man-5.8.3-1.i386.rpm 010741a985deaf7e2b8a289d3e4b4b8b perl-pod-5.8.3-1.i386.rpm 4.3 Installation rpm -Fvh perl-5.8.3-1.i386.rpm rpm -Fvh perl-add-5.8.3-1.i386.rpm rpm -Fvh perl-man-5.8.3-1.i386.rpm rpm -Fvh perl-pod-5.8.3-1.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-007.0/SRPMS 4.5 Source Packages aa44c605f0c3c82cef1096c2c9f1e958 perl-5.8.3-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-007.0/RPMS 5.2 Packages 21a823ce2022d2c3a69848b48d06d9de perl-5.8.3-1.i386.rpm 77b22dc0bdf24d927e635e76f4706a05 perl-add-5.8.3-1.i386.rpm eb60dd4c6abc0f4b9894ea6a1473ffdc perl-man-5.8.3-1.i386.rpm 357d02c4844793bc36b7e92c41bb2e26 perl-pod-5.8.3-1.i386.rpm 5.3 Installation rpm -Fvh perl-5.8.3-1.i386.rpm rpm -Fvh perl-add-5.8.3-1.i386.rpm rpm -Fvh perl-man-5.8.3-1.i386.rpm rpm -Fvh perl-pod-5.8.3-1.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-007.0/SRPMS 5.5 Source Packages 6b1fdec04ed3c6d4de7b0c65528e71cd perl-5.8.3-1.src.rpm 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323 http://www.iss.net/security_center/static/10574.php http://www.securityfocus.com/bid/6111 http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5 http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr887196 fz528498 erg712494. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgements SCO would like to thank Andreas Jurenda ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SCO/UNIX_SVR5) iD8DBQFANmqybluZssSXDTERAlihAKDJmttTCjq9c0C1Fuaa6mDV6n6y2QCbBbNa xtexYEHCq6tX0LaYTCREjkQ= =ld1L -----END PGP SIGNATURE-----


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds