Bug 576508 (CVE-2010-1168)

Summary: CVE-2010-1168 perl Safe: Intended restriction bypass via object references
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: hhorak, mmaslano, ohudlick, security-response-team, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://perldoc.perl.org/Safe.html
Whiteboard: impact=moderate,source=redhat,reported=20100318,public=20100520,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 591159, 591160, 591161, 591167, 591168, 598397, 598398    
Bug Blocks:    

Description Jan Lieskovsky 2010-03-24 06:31:31 EDT
  Safe.pm 2.24 and earlier, when used in Perl 5.10.0 and earlier, may allow
attackers to break out of safe compartment in (1) Safe::reval or (2) Safe::rdo 
using implicitly called methods (such as DESTROY or AUTOLOAD) on implicitly 
blessed Perl objects, returned as a result of unsafe code evaluation. These 
methods could have been executed unrestricted by Safe, when such objects were 
accessed or destroyed.
  If a victim was tricked into running a specially-crafted Perl script, using 
Safe extension module, it could lead to intended Safe module restriction bypass.
  Different vulnerability than CVE-2010-1447.  

Solution: Upgrade to Safe.pm v2.25 or higher.

  [1] http://search.cpan.org/~rgarcia/Safe-2.27/Safe.pm


Red Hat would like to thank Tim Bunce for responsibly reporting this issue. Upstream acknowledges Nick Cleaton as the original reporter.
Comment 7 Jan Lieskovsky 2010-04-21 12:15:50 EDT
This is CVE-2010-1168.
Comment 16 Tomas Hoger 2010-06-01 06:11:25 EDT
*** Bug 593857 has been marked as a duplicate of this bug. ***
Comment 18 errata-xmlrpc 2010-06-07 11:29:31 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2010:0457 https://rhn.redhat.com/errata/RHSA-2010-0457.html
Comment 19 errata-xmlrpc 2010-06-07 12:21:32 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0458 https://rhn.redhat.com/errata/RHSA-2010-0458.html
Comment 20 Fedora Update System 2010-08-02 21:10:12 EDT
perl-5.10.1-116.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.