<<< Date Index >>>     <<< Thread Index >>>

OpenLinux: Perl Safe.pm unsafe access



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: Perl Safe.pm unsafe access
Advisory number:        CSSA-2004-007.0
Issue date:             2004 February 20
Cross reference:        sr887196 fz528498 erg712494 CAN-2002-1323
______________________________________________________________________________


1. Problem Description

        When Perl code is executed within a Safe compartment, it cannot
        access variables outside of the compartment unless the outside
        code chooses to share the variables with the code inside the
        compartment. 

        If code inside a Safe compartment is executed via Safe->reval() 
        twice, it is able to change its operation mask the second time. 
        This could allow the code to access variables outside the Safe 
        compartment. 

        Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may 
        allow attackers to break out of safe compartments in (1) Safe::reval 
        or (2) Safe::rdo using a redefined @_ variable, which is not reset 
        between successive calls.

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2002-1323 to this issue.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to perl-5.8.3-1.i386.rpm
                                        prior to perl-add-5.8.3-1.i386.rpm
                                        prior to perl-man-5.8.3-1.i386.rpm
                                        prior to perl-pod-5.8.3-1.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to perl-5.8.3-1.i386.rpm
                                        prior to perl-add-5.8.3-1.i386.rpm
                                        prior to perl-man-5.8.3-1.i386.rpm
                                        prior to perl-pod-5.8.3-1.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-007.0/RPMS

        4.2 Packages

        8fc1043f58ddc9f2c48a392e3a9e5707        perl-5.8.3-1.i386.rpm
        c52377b6aa6ba00169108fdf1060e239        perl-add-5.8.3-1.i386.rpm
        cb4dbc39349ea672b47bfc776f3b0fa4        perl-man-5.8.3-1.i386.rpm
        010741a985deaf7e2b8a289d3e4b4b8b        perl-pod-5.8.3-1.i386.rpm

        4.3 Installation

        rpm -Fvh perl-5.8.3-1.i386.rpm
        rpm -Fvh perl-add-5.8.3-1.i386.rpm
        rpm -Fvh perl-man-5.8.3-1.i386.rpm
        rpm -Fvh perl-pod-5.8.3-1.i386.rpm

        4.4 Source Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-007.0/SRPMS

        4.5 Source Packages

        aa44c605f0c3c82cef1096c2c9f1e958        perl-5.8.3-1.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-007.0/RPMS

        5.2 Packages

        21a823ce2022d2c3a69848b48d06d9de        perl-5.8.3-1.i386.rpm
        77b22dc0bdf24d927e635e76f4706a05        perl-add-5.8.3-1.i386.rpm
        eb60dd4c6abc0f4b9894ea6a1473ffdc        perl-man-5.8.3-1.i386.rpm
        357d02c4844793bc36b7e92c41bb2e26        perl-pod-5.8.3-1.i386.rpm

        5.3 Installation

        rpm -Fvh perl-5.8.3-1.i386.rpm
        rpm -Fvh perl-add-5.8.3-1.i386.rpm
        rpm -Fvh perl-man-5.8.3-1.i386.rpm
        rpm -Fvh perl-pod-5.8.3-1.i386.rpm

        5.4 Source Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-007.0/SRPMS

        5.5 Source Packages

        6b1fdec04ed3c6d4de7b0c65528e71cd        perl-5.8.3-1.src.rpm


6. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
                http://www.iss.net/security_center/static/10574.php
                http://www.securityfocus.com/bid/6111
                
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
                http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
                http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744


        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr887196 fz528498
        erg712494.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


8. Acknowledgements

        SCO would like to thank Andreas Jurenda

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFANmqybluZssSXDTERAlihAKDJmttTCjq9c0C1Fuaa6mDV6n6y2QCbBbNa
xtexYEHCq6tX0LaYTCREjkQ=
=ld1L
-----END PGP SIGNATURE-----