CVE-2010-1447
First published: Mon May 03 2010(Updated: )
Safe.pm 2.26 and earlier (except 2.20 through 2.23 if using a threads-enabled Perl), when used in Perl 5.10.0 and earlier, may allow attackers to break out of safe compartment in (1) Safe::reval or (2) Safe::rdo using subroutine references, whose execution is delayed to happen outside of the safe compartment. If a victim was tricked into running a specially-crafted Perl script, using Safe extension module, it could lead to intended Safe module restrictions bypass, if the returned subroutine reference was called from outside of the compartment. Different vulnerability than <a href="https://access.redhat.com/security/cve/CVE-2010-1168">CVE-2010-1168</a>. Solution: Ugrade to Safe.pm v2.27 or higher. References: [1] <a href="http://search.cpan.org/~rgarcia/Safe-2.27/Safe.pm">http://search.cpan.org/~rgarcia/Safe-2.27/Safe.pm</a> Acknowledgements: Red Hat would like to thank Tim Bunce for responsibly reporting this flaw. Upstream credits also Rafaël Garcia-Suarez for discovering of this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/perl | <3:5.8.5-53.el4 | 3:5.8.5-53.el4 |
| redhat/perl | <4:5.8.8-32.el5_5.1 | 4:5.8.8-32.el5_5.1 |
| PostgreSQL Common | =7.4.16 | |
| PostgreSQL Common | =7.4.24 | |
| PostgreSQL Common | =7.4.22 | |
| PostgreSQL Common | =7.4.21 | |
| PostgreSQL Common | =7.4.19 | |
| PostgreSQL Common | =7.4.15 | |
| PostgreSQL Common | =7.4.1 | |
| PostgreSQL Common | =7.4.14 | |
| PostgreSQL Common | =7.4.26 | |
| PostgreSQL Common | =7.4.6 | |
| PostgreSQL Common | =7.4.23 | |
| PostgreSQL Common | =7.4.11 | |
| PostgreSQL Common | =7.4.7 | |
| PostgreSQL Common | =7.4.17 | |
| PostgreSQL Common | =7.4.3 | |
| PostgreSQL Common | =7.4.25 | |
| PostgreSQL Common | =7.4.9 | |
| PostgreSQL Common | =7.4.5 | |
| PostgreSQL Common | =7.4.18 | |
| PostgreSQL Common | =7.4.8 | |
| PostgreSQL Common | =7.4 | |
| PostgreSQL Common | =7.4.4 | |
| PostgreSQL Common | =7.4.28 | |
| PostgreSQL Common | =7.4.12 | |
| PostgreSQL Common | =7.4.27 | |
| PostgreSQL Common | =7.4.10 | |
| PostgreSQL Common | =7.4.20 | |
| PostgreSQL Common | =7.4.2 | |
| PostgreSQL Common | =7.4.13 | |
| PostgreSQL Common | =8.0.7 | |
| PostgreSQL Common | =8.0.2 | |
| PostgreSQL Common | =8.0.22 | |
| PostgreSQL Common | =8.0.17 | |
| PostgreSQL Common | =8.0.10 | |
| PostgreSQL Common | =8.0.12 | |
| PostgreSQL Common | =8.0.9 | |
| PostgreSQL Common | =8.0.15 | |
| PostgreSQL Common | =8.0.0 | |
| PostgreSQL Common | =8.0.18 | |
| PostgreSQL Common | =8.0.3 | |
| PostgreSQL Common | =8.0.24 | |
| PostgreSQL Common | =8.0.20 | |
| PostgreSQL Common | =8.0.8 | |
| PostgreSQL Common | =8.0.6 | |
| PostgreSQL Common | =8.0.16 | |
| PostgreSQL Common | =8.0.13 | |
| PostgreSQL Common | =8.0.1 | |
| PostgreSQL Common | =8.0.19 | |
| PostgreSQL Common | =8.0.21 | |
| PostgreSQL Common | =8.0.23 | |
| PostgreSQL Common | =8.0.4 | |
| PostgreSQL Common | =8.0.5 | |
| PostgreSQL Common | =8.0.14 | |
| PostgreSQL Common | =8.0.11 | |
| PostgreSQL Common | =8.0 | |
| PostgreSQL Common | =8.1.10 | |
| PostgreSQL Common | =8.1.6 | |
| PostgreSQL Common | =8.1.15 | |
| PostgreSQL Common | =8.1.7 | |
| PostgreSQL Common | =8.1.20 | |
| PostgreSQL Common | =8.1 | |
| PostgreSQL Common | =8.1.19 | |
| PostgreSQL Common | =8.1.13 | |
| PostgreSQL Common | =8.1.0 | |
| PostgreSQL Common | =8.1.3 | |
| PostgreSQL Common | =8.1.9 | |
| PostgreSQL Common | =8.1.14 | |
| PostgreSQL Common | =8.1.11 | |
| PostgreSQL Common | =8.1.17 | |
| PostgreSQL Common | =8.1.18 | |
| PostgreSQL Common | =8.1.4 | |
| PostgreSQL Common | =8.1.8 | |
| PostgreSQL Common | =8.1.1 | |
| PostgreSQL Common | =8.1.12 | |
| PostgreSQL Common | =8.1.5 | |
| PostgreSQL Common | =8.1.16 | |
| PostgreSQL Common | =8.1.2 | |
| PostgreSQL Common | =8.2.9 | |
| PostgreSQL Common | =8.2.10 | |
| PostgreSQL Common | =8.2.15 | |
| PostgreSQL Common | =8.2.4 | |
| PostgreSQL Common | =8.2.11 | |
| PostgreSQL Common | =8.2.12 | |
| PostgreSQL Common | =8.2.2 | |
| PostgreSQL Common | =8.2.5 | |
| PostgreSQL Common | =8.2.1 | |
| PostgreSQL Common | =8.2.7 | |
| PostgreSQL Common | =8.2.6 | |
| PostgreSQL Common | =8.2.3 | |
| PostgreSQL Common | =8.2.16 | |
| PostgreSQL Common | =8.2.8 | |
| PostgreSQL Common | =8.2.13 | |
| PostgreSQL Common | =8.2 | |
| PostgreSQL Common | =8.2.14 | |
| PostgreSQL Common | =8.3.6 | |
| PostgreSQL Common | =8.3.3 | |
| PostgreSQL Common | =8.3.2 | |
| PostgreSQL Common | =8.3.1 | |
| PostgreSQL Common | =8.3.5 | |
| PostgreSQL Common | =8.3.8 | |
| PostgreSQL Common | =8.3.7 | |
| PostgreSQL Common | =8.3.10 | |
| PostgreSQL Common | =8.3 | |
| PostgreSQL Common | =8.3.4 | |
| PostgreSQL Common | =8.3.9 | |
| PostgreSQL Common | =8.4.1 | |
| PostgreSQL Common | =8.4.3 | |
| PostgreSQL Common | =8.4 | |
| PostgreSQL Common | =8.4.2 | |
| PostgreSQL Common | =9.0.0-beta1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id?1023988
- http://secunia.com/advisories/39845
- http://secunia.com/advisories/40049
- http://secunia.com/advisories/40052
- http://www.securityfocus.com/bid/40305
- http://osvdb.org/64756
- http://www.vupen.com/english/advisories/2010/1167
- http://www.debian.org/security/2011/dsa-2267
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
- https://bugzilla.redhat.com/show_bug.cgi?id=588269
- http://www.redhat.com/support/errata/RHSA-2010-0457.html
- http://www.redhat.com/support/errata/RHSA-2010-0458.html
- http://www.openwall.com/lists/oss-security/2010/05/20/5
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://security-tracker.debian.org/tracker/CVE-2010-1447
- http://www.postgresql.org/about/news.1203
- https://bugs.launchpad.net/bugs/cve/2010-1447
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://access.redhat.com/security/cve/CVE-2010-1168
- http://search.cpan.org/~rgarcia/Safe-2.27/Safe.pm
- https://access.redhat.com/security/cve/CVE-2010-1447
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=588269
- https://access.redhat.com/security/cve/CVE-2010-1169
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=588269#c8
- https://rhn.redhat.com/errata/RHSA-2010-0457.html
- https://rhn.redhat.com/errata/RHSA-2010-0458.html
- https://www.cve.org/CVERecord?id=CVE-2010-1447 https://nvd.nist.gov/vuln/detail/CVE-2010-1447
- https://access.redhat.com/errata/RHSA-2010:0457
- https://access.redhat.com/errata/RHSA-2010:0458
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1447.json
Frequently Asked Questions
What is the severity of CVE-2010-1447?
CVE-2010-1447 is considered to have moderate severity due to its potential to allow attackers to escape safe compartments.
How do I fix CVE-2010-1447?
To fix CVE-2010-1447, upgrade to Safe.pm version 2.27 or later to prevent the exploitation of this vulnerability.
What software versions are affected by CVE-2010-1447?
CVE-2010-1447 affects Safe.pm versions 2.26 and earlier, specifically when used with Perl 5.10.0 and earlier.
Can CVE-2010-1447 be exploited remotely?
Yes, CVE-2010-1447 can potentially be exploited remotely if the affected software is accessible.
What steps should I take after discovering CVE-2010-1447 in my environment?
After discovering CVE-2010-1447, immediately apply the recommended software upgrade and monitor for any unusual activity.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-1447
- collector/redhat-cve
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/postgresql
- canonical/postgresql common
- version/postgresql common/7.4.16
- version/postgresql common/7.4.24
- version/postgresql common/7.4.22
- version/postgresql common/7.4.21
- version/postgresql common/7.4.19
- version/postgresql common/7.4.15
- version/postgresql common/7.4.1
- version/postgresql common/7.4.14
- version/postgresql common/7.4.26
- version/postgresql common/7.4.6
- version/postgresql common/7.4.23
- version/postgresql common/7.4.11
- version/postgresql common/7.4.7
- version/postgresql common/7.4.17
- version/postgresql common/7.4.3
- version/postgresql common/7.4.25
- version/postgresql common/7.4.9
- version/postgresql common/7.4.5
- version/postgresql common/7.4.18
- version/postgresql common/7.4.8
- version/postgresql common/7.4
- version/postgresql common/7.4.4
- version/postgresql common/7.4.28
- version/postgresql common/7.4.12
- version/postgresql common/7.4.27
- version/postgresql common/7.4.10
- version/postgresql common/7.4.20
- version/postgresql common/7.4.2
- version/postgresql common/7.4.13
- version/postgresql common/8.0.7
- version/postgresql common/8.0.2
- version/postgresql common/8.0.22
- version/postgresql common/8.0.17
- version/postgresql common/8.0.10
- version/postgresql common/8.0.12
- version/postgresql common/8.0.9
- version/postgresql common/8.0.15
- version/postgresql common/8.0.0
- version/postgresql common/8.0.18
- version/postgresql common/8.0.3
- version/postgresql common/8.0.24
- version/postgresql common/8.0.20
- version/postgresql common/8.0.8
- version/postgresql common/8.0.6
- version/postgresql common/8.0.16
- version/postgresql common/8.0.13
- version/postgresql common/8.0.1
- version/postgresql common/8.0.19
- version/postgresql common/8.0.21
- version/postgresql common/8.0.23
- version/postgresql common/8.0.4
- version/postgresql common/8.0.5
- version/postgresql common/8.0.14
- version/postgresql common/8.0.11
- version/postgresql common/8.0
- version/postgresql common/8.1.10
- version/postgresql common/8.1.6
- version/postgresql common/8.1.15
- version/postgresql common/8.1.7
- version/postgresql common/8.1.20
- version/postgresql common/8.1
- version/postgresql common/8.1.19
- version/postgresql common/8.1.13
- version/postgresql common/8.1.0
- version/postgresql common/8.1.3
- version/postgresql common/8.1.9
- version/postgresql common/8.1.14
- version/postgresql common/8.1.11
- version/postgresql common/8.1.17
- version/postgresql common/8.1.18
- version/postgresql common/8.1.4
- version/postgresql common/8.1.8
- version/postgresql common/8.1.1
- version/postgresql common/8.1.12
- version/postgresql common/8.1.5
- version/postgresql common/8.1.16
- version/postgresql common/8.1.2
- version/postgresql common/8.2.9
- version/postgresql common/8.2.10
- version/postgresql common/8.2.15
- version/postgresql common/8.2.4
- version/postgresql common/8.2.11
- version/postgresql common/8.2.12
- version/postgresql common/8.2.2
- version/postgresql common/8.2.5
- version/postgresql common/8.2.1
- version/postgresql common/8.2.7
- version/postgresql common/8.2.6
- version/postgresql common/8.2.3
- version/postgresql common/8.2.16
- version/postgresql common/8.2.8
- version/postgresql common/8.2.13
- version/postgresql common/8.2
- version/postgresql common/8.2.14
- version/postgresql common/8.3.6
- version/postgresql common/8.3.3
- version/postgresql common/8.3.2
- version/postgresql common/8.3.1
- version/postgresql common/8.3.5
- version/postgresql common/8.3.8
- version/postgresql common/8.3.7
- version/postgresql common/8.3.10
- version/postgresql common/8.3
- version/postgresql common/8.3.4
- version/postgresql common/8.3.9
- version/postgresql common/8.4.1
- version/postgresql common/8.4.3
- version/postgresql common/8.4
- version/postgresql common/8.4.2
- version/postgresql common/9.0.0-beta1