VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1168

safe: The Safe (aka Safe.pm) module before 2.25 for Perl ...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1168

Original

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-06-21

Source Information Category:

Advisory, Alert

Last Updated:

2010-06-22

Affected Product Tags

cpe:/a:perl:perl

cpe:/a:rafael_garcia-suarez:safe:2.08

cpe:/a:rafael_garcia-suarez:safe:2.09

cpe:/a:rafael_garcia-suarez:safe:2.11

cpe:/a:rafael_garcia-suarez:safe:2.13

cpe:/a:rafael_garcia-suarez:safe:2.14

cpe:/a:rafael_garcia-suarez:safe:2.15

cpe:/a:rafael_garcia-suarez:safe:2.16

cpe:/a:rafael_garcia-suarez:safe:2.17

cpe:/a:rafael_garcia-suarez:safe:2.18

cpe:/a:rafael_garcia-suarez:safe:2.19

cpe:/a:rafael_garcia-suarez:safe:2.20

cpe:/a:rafael_garcia-suarez:safe:2.21

cpe:/a:rafael_garcia-suarez:safe:2.22

cpe:/a:rafael_garcia-suarez:safe:2.23

cpe:/a:rafael_garcia-suarez:safe:2.24

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=576508

CONFIRM http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes

CONFIRM http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html

MANDRIVA MDVSA-2010:116

MANDRIVA MDVSA-2010:115

MLIST [oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request

REDHAT RHSA-2010:0458

REDHAT RHSA-2010:0457

SECTRACK 1024062

SECUNIA 40052

SECUNIA 40049

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)