CVE-2010-1168
First published: Wed Mar 24 2010(Updated: )
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/perl | <3:5.8.5-53.el4 | 3:5.8.5-53.el4 |
| redhat/perl | <4:5.8.8-32.el5_5.1 | 4:5.8.8-32.el5_5.1 |
| Safe | =2.08 | |
| Safe | =2.09 | |
| Safe | =2.11 | |
| Safe | =2.13 | |
| Safe | =2.14 | |
| Safe | =2.15 | |
| Safe | =2.16 | |
| Safe | =2.17 | |
| Safe | =2.18 | |
| Safe | =2.19 | |
| Safe | =2.20 | |
| Safe | =2.21 | |
| Safe | =2.22 | |
| Safe | =2.23 | |
| Safe | =2.24 | |
| Perl 5.30.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2010/05/20/5
- http://www.redhat.com/support/errata/RHSA-2010-0457.html
- http://www.redhat.com/support/errata/RHSA-2010-0458.html
- http://secunia.com/advisories/40049
- http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
- http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
- https://bugzilla.redhat.com/show_bug.cgi?id=576508
- http://secunia.com/advisories/40052
- http://securitytracker.com/id?1024062
- http://secunia.com/advisories/42402
- http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in
- http://www.vupen.com/english/advisories/2010/3075
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424
- https://access.redhat.com/security/cve/CVE-2010-1447
- http://search.cpan.org/~rgarcia/Safe-2.27/Safe.pm
- https://access.redhat.com/security/cve/CVE-2010-1168
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=593857
- https://rhn.redhat.com/errata/RHSA-2010-0457.html
- https://rhn.redhat.com/errata/RHSA-2010-0458.html
- https://www.cve.org/CVERecord?id=CVE-2010-1168 https://nvd.nist.gov/vuln/detail/CVE-2010-1168
- https://access.redhat.com/errata/RHSA-2010:0457
- https://access.redhat.com/errata/RHSA-2010:0458
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1168.json
Frequently Asked Questions
What are the potential risks associated with CVE-2010-1168?
CVE-2010-1168 allows attackers to bypass access restrictions in the Safe module for Perl, potentially leading to the injection and execution of arbitrary code.
How can I remediate CVE-2010-1168?
To fix CVE-2010-1168, you should upgrade to Safe module version 2.25 or later.
Which versions of the Safe module are affected by CVE-2010-1168?
CVE-2010-1168 affects Safe module versions before 2.25, including 2.08 through 2.24.
What Perl versions are vulnerable to CVE-2010-1168?
Perl versions 5.8.5-53.el4 and 5.8.8-32.el5_5.1 are among those that can have the vulnerability due to the affected Safe module.
What is the main attack vector for CVE-2010-1168?
The main attack vector for CVE-2010-1168 involves calling methods and using objects in a way that circumvents Safe module restrictions.
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-1168
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/rafael garcia-suarez
- canonical/safe
- version/safe/2.08
- version/safe/2.09
- version/safe/2.11
- version/safe/2.13
- version/safe/2.14
- version/safe/2.15
- version/safe/2.16
- version/safe/2.17
- version/safe/2.18
- version/safe/2.19
- version/safe/2.20
- version/safe/2.21
- version/safe/2.22
- version/safe/2.23
- version/safe/2.24
- vendor/perl
- canonical/perl 5.30.0