Info

Disclosure

Nov 05, 2002

Discovery

Nov 05, 2002

Dates

Exploit

Unknown

Solution

Unknown

Description

Safe.pm contains a flaw that could allow a local or remote attacker execute code outside of Safe.pm's restricted environment called a compartment. If the compartment has been accessed at least once, an attacker could change the the mask of the compartment to access code outside of the compartment.

Classification

Unknown or Incomplete

Solution

Upgrade to the latest version of Safe.pm. Check with your vendor's website for OS specific updates or check http://www.cpan.org

Products

Perl	Safe.pm	2.06
		2.07

References

ISS X-Force ID: 10574
Secunia Advisory ID: 10750
CVE ID: 2002-1323 (see also: NVD)
Bugtraq ID: 6111
Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
http://groups.google.com/groups?threadm=rt-17744-39131.3.96370682846239%40bugs6.perl.org
http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
Generic Informational URL: http://search.cpan.org/
http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
Vendor URL: http://www.perl.org/
CIAC Advisory: n-155

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/2183