Safe.pm 2.26 and earlier (except 2.20 through 2.23 if using a threads-enabled Perl), when used in Perl 5.10.0 and earlier, may allow attackers to break out of safe compartment in (1) Safe::reval or (2) Safe::rdo using subroutine references, whose execution is delayed to happen outside of the safe compartment. If a victim was tricked into running a specially-crafted Perl script, using Safe extension module, it could lead to intended Safe module restrictions bypass, if the returned subroutine reference was called from outside of the compartment. Different vulnerability than CVE-2010-1168. Solution: Ugrade to Safe.pm v2.27 or higher. References: [1] http://search.cpan.org/~rgarcia/Safe-2.27/Safe.pm Acknowledgements: Red Hat would like to thank Tim Bunce for responsibly reporting this flaw. Upstream credits also Rafaël Garcia-Suarez for discovering of this issue.
This is CVE-2010-1447.
This issue is public now, but MITRE has given it a strange description that may be confusing to people as it refers to PostgreSQL more than Perl: Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1447 to the following vulnerability: Name: CVE-2010-1447 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447 Assigned: 20100415 Reference: CONFIRM: http://security-tracker.debian.org/tracker/CVE-2010-1447 Reference: CONFIRM: http://www.postgresql.org/about/news.1203 Reference: CONFIRM: https://bugs.launchpad.net/bugs/cve/2010-1447 Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=588269 Reference: SECUNIA:39845 Reference: URL: http://secunia.com/advisories/39845 Reference: VUPEN:ADV-2010-1167 Reference: URL: http://www.vupen.com/english/advisories/2010/1167 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which might allow remote attackers to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl.
It's probably PostgreSQL announcement that's causing the confusion, as it mentions perl CVE-2010-1447 too, and there was no public reference for CVE-2010-1447 at that time. Quick disambiguation summary - CVE-2010-1447 (for perl/Safe) and CVE-2010-1169 (for PostgreSQL) are closely related and describe basically the same issue. Safe fix makes sure that subroutines called form outside of the compartment is still restricted by Safe. This approach did not work for PostgreSQL, which instead abandoned Safe and relies on Opcode now instead.
(In reply to comment #8) > This issue is public now, but MITRE has given it a strange description that may > be confusing to people as it refers to PostgreSQL more than Perl: > Detailed post trying to solve the current confusion: [1] http://www.openwall.com/lists/oss-security/2010/05/20/5
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Via RHSA-2010:0457 https://rhn.redhat.com/errata/RHSA-2010-0457.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0458 https://rhn.redhat.com/errata/RHSA-2010-0458.html
perl-5.10.1-116.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.