English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.67523
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2010:0457
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0457.

Perl is a high-level programming language commonly used for system
administration utilities and web programming. The Safe extension module
allows users to compile and execute Perl code in restricted compartments.

The Safe module did not properly restrict the code of implicitly called
methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects
returned as a result of unsafe code evaluation. These methods could have
been executed unrestricted by Safe when such objects were accessed or
destroyed. A specially-crafted Perl script executed inside of a Safe
compartment could use this flaw to bypass intended Safe module
restrictions. (CVE-2010-1168)

The Safe module did not properly restrict code compiled in a Safe
compartment and executed out of the compartment via a subroutine reference
returned as a result of unsafe code evaluation. A specially-crafted Perl
script executed inside of a Safe compartment could use this flaw to bypass
intended Safe module restrictions, if the returned subroutine reference was
called from outside of the compartment. (CVE-2010-1447)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton
as the original reporter of CVE-2010-1168, and Tim Bunce and Rafaël
Garcia-Suarez as the original reporters of CVE-2010-1447.

These packages upgrade the Safe extension module to version 2.27. Refer to
the Safe module's Changes file, linked to in the References, for a full
list of changes.

Users of perl are advised to upgrade to these updated packages, which
correct these issues. All applications using the Safe extension module must
be restarted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0457.html
http://www.redhat.com/security/updates/classification/#moderate
http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes

Risk factor : Critical

CVSS Score:
8.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1168
1024062
http://securitytracker.com/id?1024062
40049
http://secunia.com/advisories/40049
40052
http://secunia.com/advisories/40052
42402
http://secunia.com/advisories/42402
ADV-2010-3075
http://www.vupen.com/english/advisories/2010/3075
MDVSA-2010:115
http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
MDVSA-2010:116
http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
RHSA-2010:0457
http://www.redhat.com/support/errata/RHSA-2010-0457.html
RHSA-2010:0458
http://www.redhat.com/support/errata/RHSA-2010-0458.html
[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request
http://www.openwall.com/lists/oss-security/2010/05/20/5
http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html
http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in
http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
https://bugzilla.redhat.com/show_bug.cgi?id=576508
oval:org.mitre.oval:def:7424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424
oval:org.mitre.oval:def:9807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807
Common Vulnerability Exposure (CVE) ID: CVE-2010-1447
1023988
http://www.securitytracker.com/id?1023988
39845
http://secunia.com/advisories/39845
40305
http://www.securityfocus.com/bid/40305
64756
http://osvdb.org/64756
ADV-2010-1167
http://www.vupen.com/english/advisories/2010/1167
DSA-2267
http://www.debian.org/security/2011/dsa-2267
http://security-tracker.debian.org/tracker/CVE-2010-1447
http://www.postgresql.org/about/news.1203
https://bugs.launchpad.net/bugs/cve/2010-1447
https://bugzilla.redhat.com/show_bug.cgi?id=588269
oval:org.mitre.oval:def:11530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530
oval:org.mitre.oval:def:7320
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.