OpenLinux: Perl Safe.pm unsafe access
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenLinux: Perl Safe.pm unsafe access
Advisory number: CSSA-2004-007.0
Issue date: 2004 February 20
Cross reference: sr887196 fz528498 erg712494 CAN-2002-1323
______________________________________________________________________________
1. Problem Description
When Perl code is executed within a Safe compartment, it cannot
access variables outside of the compartment unless the outside
code chooses to share the variables with the code inside the
compartment.
If code inside a Safe compartment is executed via Safe->reval()
twice, it is able to change its operation mask the second time.
This could allow the code to access variables outside the Safe
compartment.
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may
allow attackers to break out of safe compartments in (1) Safe::reval
or (2) Safe::rdo using a redefined @_ variable, which is not reset
between successive calls.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2002-1323 to this issue.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to perl-5.8.3-1.i386.rpm
prior to perl-add-5.8.3-1.i386.rpm
prior to perl-man-5.8.3-1.i386.rpm
prior to perl-pod-5.8.3-1.i386.rpm
OpenLinux 3.1.1 Workstation prior to perl-5.8.3-1.i386.rpm
prior to perl-add-5.8.3-1.i386.rpm
prior to perl-man-5.8.3-1.i386.rpm
prior to perl-pod-5.8.3-1.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-007.0/RPMS
4.2 Packages
8fc1043f58ddc9f2c48a392e3a9e5707 perl-5.8.3-1.i386.rpm
c52377b6aa6ba00169108fdf1060e239 perl-add-5.8.3-1.i386.rpm
cb4dbc39349ea672b47bfc776f3b0fa4 perl-man-5.8.3-1.i386.rpm
010741a985deaf7e2b8a289d3e4b4b8b perl-pod-5.8.3-1.i386.rpm
4.3 Installation
rpm -Fvh perl-5.8.3-1.i386.rpm
rpm -Fvh perl-add-5.8.3-1.i386.rpm
rpm -Fvh perl-man-5.8.3-1.i386.rpm
rpm -Fvh perl-pod-5.8.3-1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-007.0/SRPMS
4.5 Source Packages
aa44c605f0c3c82cef1096c2c9f1e958 perl-5.8.3-1.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-007.0/RPMS
5.2 Packages
21a823ce2022d2c3a69848b48d06d9de perl-5.8.3-1.i386.rpm
77b22dc0bdf24d927e635e76f4706a05 perl-add-5.8.3-1.i386.rpm
eb60dd4c6abc0f4b9894ea6a1473ffdc perl-man-5.8.3-1.i386.rpm
357d02c4844793bc36b7e92c41bb2e26 perl-pod-5.8.3-1.i386.rpm
5.3 Installation
rpm -Fvh perl-5.8.3-1.i386.rpm
rpm -Fvh perl-add-5.8.3-1.i386.rpm
rpm -Fvh perl-man-5.8.3-1.i386.rpm
rpm -Fvh perl-pod-5.8.3-1.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-007.0/SRPMS
5.5 Source Packages
6b1fdec04ed3c6d4de7b0c65528e71cd perl-5.8.3-1.src.rpm
6. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
http://www.iss.net/security_center/static/10574.php
http://www.securityfocus.com/bid/6111
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr887196 fz528498
erg712494.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
8. Acknowledgements
SCO would like to thank Andreas Jurenda
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)
iD8DBQFANmqybluZssSXDTERAlihAKDJmttTCjq9c0C1Fuaa6mDV6n6y2QCbBbNa
xtexYEHCq6tX0LaYTCREjkQ=
=ld1L
-----END PGP SIGNATURE-----