CVE-2002-1323
First published: Wed Dec 11 2002(Updated: )
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| cpan Safe.pm | =2.0_7 | |
| sun linux | =5.0.7 | |
| SGI IRIX | =6.5.6 | |
| SGI IRIX | =6.5.17f | |
| SGI IRIX | =6.5.1 | |
| SGI IRIX | =6.5.10 | |
| SGI IRIX | =6.5.17 | |
| SGI IRIX | =6.5.12 | |
| SGI IRIX | =6.5.18f | |
| SGI IRIX | =6.5.19f | |
| SGI IRIX | =6.5.21f | |
| SGI IRIX | =6.5.9 | |
| SGI IRIX | =6.5.21m | |
| SGI IRIX | =6.5.19 | |
| SGI IRIX | =6.5.17m | |
| SGI IRIX | =6.5.20m | |
| SGI IRIX | =6.5.15 | |
| SGI IRIX | =6.5.3 | |
| SGI IRIX | =6.5.14 | |
| SGI IRIX | =6.5.8 | |
| SGI IRIX | =6.5.19m | |
| SGI IRIX | =6.5.20f | |
| cpan Safe.pm | =2.0_6 | |
| SGI IRIX | =6.5.5 | |
| SGI IRIX | =6.5.4 | |
| SGI IRIX | =6.5.11 | |
| SGI IRIX | =6.5.2 | |
| SGI IRIX | =6.5 | |
| SGI IRIX | =6.5.7 | |
| SGI IRIX | =6.5.18 | |
| SGI IRIX | =6.5.18m | |
| SGI IRIX | =6.5.22 | |
| SGI IRIX | =6.5.13 | |
| SGI IRIX | =6.5.16 | |
| Xinuos UnixWare | =7.1.3 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Linux Advanced Workstation | =2.1 | |
| Sun SunOS | =5.8 | |
| Oracle Solaris SPARC | =9.0 | |
| SCO Open UNIX | =8.0 | |
| Oracle Solaris SPARC | =9.0 | |
| Red Hat Enterprise Linux | =2.1 | |
| Red Hat Enterprise Linux | =2.1 | |
| Xinuos UnixWare | =7.1.2 | |
| Oracle Solaris SPARC | =8.0 | |
| Red Hat Enterprise Linux | =2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
- http://www.securityfocus.com/bid/6111
- http://www.debian.org/security/2002/dsa-208
- http://www.iss.net/security_center/static/10574.php
- http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
- http://www.redhat.com/support/errata/RHSA-2003-256.html
- http://www.redhat.com/support/errata/RHSA-2003-257.html
- http://www.osvdb.org/2183
- http://www.osvdb.org/3814
- http://marc.info/?l=bugtraq&m=104040175522502&w=2
- http://marc.info/?l=bugtraq&m=104033126305252&w=2
- http://marc.info/?l=bugtraq&m=104005919814869&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1160
Frequently Asked Questions
What is the severity of CVE-2002-1323?
CVE-2002-1323 is considered a high severity vulnerability due to its potential to allow code execution outside of safe compartments.
How do I fix CVE-2002-1323?
To fix CVE-2002-1323, upgrade to Safe.pm version 2.0.8 or later which addresses this vulnerability.
What software is affected by CVE-2002-1323?
Software using Safe.pm version 2.0.7 and earlier, particularly those deployed on Perl 5.8.0 and earlier, are affected by CVE-2002-1323.
What is the impact of exploiting CVE-2002-1323?
Exploiting CVE-2002-1323 can lead to unauthorized access to the underlying system, allowing attackers to execute arbitrary code.
Is there a workaround for CVE-2002-1323?
A temporary workaround for CVE-2002-1323 is to avoid using Safe::reval or Safe::rdo until the Safe.pm package has been upgraded.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- vendor/safe.pm
- product/safe.pm
- canonical/safe.pm safe.pm
- vendor/sun
- product/linux
- canonical/sun linux
- vendor/sgi
- product/irix
- canonical/sgi irix
- vendor/sco
- product/unixware
- canonical/sco unixware
- vendor/redhat
- product/enterprise linux
- canonical/redhat enterprise linux
- product/linux advanced workstation
- canonical/redhat linux advanced workstation
- product/sunos
- canonical/sun sunos
- product/solaris
- canonical/sun solaris
- product/open unix
- canonical/sco open unix
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/cpan safe.pm
- version/cpan safe.pm/2.0_7
- version/sun linux/5.0.7
- version/sgi irix/6.5.6
- version/sgi irix/6.5.17f
- version/sgi irix/6.5.1
- version/sgi irix/6.5.10
- version/sgi irix/6.5.17
- version/sgi irix/6.5.12
- version/sgi irix/6.5.18f
- version/sgi irix/6.5.19f
- version/sgi irix/6.5.21f
- version/sgi irix/6.5.9
- version/sgi irix/6.5.21m
- version/sgi irix/6.5.19
- version/sgi irix/6.5.17m
- version/sgi irix/6.5.20m
- version/sgi irix/6.5.15
- version/sgi irix/6.5.3
- version/sgi irix/6.5.14
- version/sgi irix/6.5.8
- version/sgi irix/6.5.19m
- version/sgi irix/6.5.20f
- version/cpan safe.pm/2.0_6
- version/sgi irix/6.5.5
- version/sgi irix/6.5.4
- version/sgi irix/6.5.11
- version/sgi irix/6.5.2
- version/sgi irix/6.5
- version/sgi irix/6.5.7
- version/sgi irix/6.5.18
- version/sgi irix/6.5.18m
- version/sgi irix/6.5.22
- version/sgi irix/6.5.13
- version/sgi irix/6.5.16
- canonical/xinuos unixware
- version/xinuos unixware/7.1.3
- canonical/red hat enterprise linux
- version/red hat enterprise linux/2.1
- canonical/red hat linux advanced workstation
- version/red hat linux advanced workstation/2.1
- version/sun sunos/5.8
- canonical/oracle solaris sparc
- version/oracle solaris sparc/9.0
- version/sco open unix/8.0
- version/xinuos unixware/7.1.2
- version/oracle solaris sparc/8.0