Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201111-09 (Safe)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70798

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 201111-09 (Safe)

Resumen: The remote host is missing updates announced in;advisory GLSA 201111-09.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 201111-09.

Vulnerability Insight:
The Safe module for Perl does not properly restrict code, allowing
a remote attacker to execute arbitrary Perl code outside of a
restricted
compartment.

Solution:
All users of the standalone Perl Safe module should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=perl-core/Safe-2.27'

All users of the Safe module bundled with Perl should upgrade to the
latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=virtual/perl-Safe-2.27'

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since July 18, 2010. It is likely that your system is
already
no longer affected by this issue.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1168
1024062
http://securitytracker.com/id?1024062
40049
http://secunia.com/advisories/40049
40052
http://secunia.com/advisories/40052
42402
http://secunia.com/advisories/42402
ADV-2010-3075
http://www.vupen.com/english/advisories/2010/3075
MDVSA-2010:115
http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
MDVSA-2010:116
http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
RHSA-2010:0457
http://www.redhat.com/support/errata/RHSA-2010-0457.html
RHSA-2010:0458
http://www.redhat.com/support/errata/RHSA-2010-0458.html
[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request
http://www.openwall.com/lists/oss-security/2010/05/20/5
http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html
http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in
http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
https://bugzilla.redhat.com/show_bug.cgi?id=576508
oval:org.mitre.oval:def:7424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424
oval:org.mitre.oval:def:9807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70798
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201111-09 (Safe)
Resumen:	The remote host is missing updates announced in;advisory GLSA 201111-09.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 201111-09. Vulnerability Insight: The Safe module for Perl does not properly restrict code, allowing a remote attacker to execute arbitrary Perl code outside of a restricted compartment. Solution: All users of the standalone Perl Safe module should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=perl-core/Safe-2.27' All users of the Safe module bundled with Perl should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=virtual/perl-Safe-2.27' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since July 18, 2010. It is likely that your system is already no longer affected by this issue. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1168 1024062 http://securitytracker.com/id?1024062 40049 http://secunia.com/advisories/40049 40052 http://secunia.com/advisories/40052 42402 http://secunia.com/advisories/42402 ADV-2010-3075 http://www.vupen.com/english/advisories/2010/3075 MDVSA-2010:115 http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 MDVSA-2010:116 http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 RHSA-2010:0457 http://www.redhat.com/support/errata/RHSA-2010-0457.html RHSA-2010:0458 http://www.redhat.com/support/errata/RHSA-2010-0458.html [oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request http://www.openwall.com/lists/oss-security/2010/05/20/5 http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 https://bugzilla.redhat.com/show_bug.cgi?id=576508 oval:org.mitre.oval:def:7424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424 oval:org.mitre.oval:def:9807 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807
Copyright	Copyright (C) 2012 E-Soft Inc.