
Test ID: 1.3.6.1.4.1.25623.1.0.67523
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2010:0457
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2010:0457.

Perl is a high-level programming language commonly used for system
administration utilities and web programming. The Safe extension module
allows users to compile and execute Perl code in restricted compartments.

The Safe module did not properly restrict the code of implicitly called
methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects
returned as a result of unsafe code evaluation. These methods could have
been executed unrestricted by Safe when such objects were accessed or
destroyed. A specially-crafted Perl script executed inside of a Safe
compartment could use this flaw to bypass intended Safe module
restrictions. (CVE-2010-1168)

The Safe module did not properly restrict code compiled in a Safe
compartment and executed out of the compartment via a subroutine reference
returned as a result of unsafe code evaluation. A specially-crafted Perl
script executed inside of a Safe compartment could use this flaw to bypass
intended Safe module restrictions, if the returned subroutine reference was
called from outside of the compartment. (CVE-2010-1447)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton
as the original reporter of CVE-2010-1168, and Tim Bunce and Rafaël
Garcia-Suarez as the original reporters of CVE-2010-1447.

These packages upgrade the Safe extension module to version 2.27. Refer to
the Safe module's Changes file, linked to in the References, for a full
list of changes.

Users of perl are advised to upgrade to these updated packages, which
correct these issues. All applications using the Safe extension module must
be restarted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0457.html
http://www.redhat.com/security/updates/classification/#moderate
http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes

Risk factor: Critical

CVSS Score: 8.5

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-1168
http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
http://www.openwall.com/lists/oss-security/2010/05/20/5
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807
http://www.redhat.com/support/errata/RHSA-2010-0457.html
http://www.redhat.com/support/errata/RHSA-2010-0458.html
http://securitytracker.com/id?1024062
http://secunia.com/advisories/40049
http://secunia.com/advisories/40052
http://secunia.com/advisories/42402
http://www.vupen.com/english/advisories/2010/3075
Common Vulnerability Exposure (CVE) ID: CVE-2010-1447
BugTraq ID: 40305
http://www.securityfocus.com/bid/40305
Debian Security Information: DSA-2267
http://www.debian.org/security/2011/dsa-2267
http://osvdb.org/64756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320
http://www.securitytracker.com/id?1023988
http://secunia.com/advisories/39845
http://www.vupen.com/english/advisories/2010/1167
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
