First published: Mon Jun 07 2010
Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments. The File::Path module allows users to create and remove directory trees.

The Safe module did not properly restrict the code of implicitly called methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe when such objects were accessed or destroyed. A specially-crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions. (CVE-2010-1168)

The Safe module did not properly restrict code compiled in a Safe compartment and executed out of the compartment via a subroutine reference returned as a result of unsafe code evaluation. A specially-crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions, if the returned subroutine reference was called from outside of the compartment. (CVE-2010-1447)

Multiple race conditions were found in the way the File::Path module's rmtree function removed directory trees. A malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permissions of arbitrary files to be changed to world-writable and setuid, or delete arbitrary files via a symbolic link attack, if the victim had the privileges to change the permissions of the target files or to remove them. (CVE-2008-5302, CVE-2008-5303)

Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton as the original reporter of CVE-2010-1168, and Tim Bunce and Rafael Garcia-Suarez as the original reporters of CVE-2010-1447.

These packages upgrade the Safe extension module to version 2.27. Refer to the Safe module's Changes file, linked to in the References, for a full list of changes.

Users of perl are advised to upgrade to these updated packages, which correct these issues. All applications using the Safe or File::Path modules must be restarted for this update to take effect.
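As an added illustration (not part of the advisory and not code from the Safe module itself), a defensive pattern for scripts that evaluate untrusted code on an updated system: refuse to run on a Safe older than the 2.27 shipped here, and discard any blessed object or code reference that a compartment hands back, so that neither the DESTROY/AUTOLOAD path (CVE-2010-1168) nor an out-of-compartment subroutine call (CVE-2010-1447) can occur in the caller. `eval_untrusted` and `is_plain_data` are assumed helper names; the two input strings are constructed samples.

```perl
#!/usr/bin/perl
# Added example: only plain data may leave a Safe compartment.
# Assumes Safe >= 2.27 is installed (the version this advisory ships).
use strict;
use warnings;
use Safe;
use Scalar::Util qw(blessed reftype);

# Refuse to run at all on a Safe version older than the fixed one.
die "Safe $Safe::VERSION is too old; 2.27 or later required\n"
    if $Safe::VERSION < 2.27;

# True only for plain scalars, arrays and hashes (checked recursively).
sub is_plain_data {
    my ($v) = @_;
    return 0 if blessed($v);          # objects: DESTROY/AUTOLOAD would run in the caller
    my $t = reftype($v);
    return 1 if !defined $t;          # plain scalar
    return 0 if $t eq 'CODE';         # subs: calling them outside bypasses the mask
    if ($t eq 'ARRAY') { is_plain_data($_) or return 0 for @$v;        return 1 }
    if ($t eq 'HASH')  { is_plain_data($_) or return 0 for values %$v; return 1 }
    return 0;                         # globs, refs-to-refs, etc. are rejected
}

# Evaluate untrusted code and return its result only if it is plain data.
sub eval_untrusted {
    my ($code) = @_;
    my $cpt    = Safe->new;
    my $result = $cpt->reval($code, 1);   # second argument enables 'use strict'
    die "compartment error: $@" if $@;
    die "compartment returned a non-data value; discarding it\n"
        unless is_plain_data($result);
    return $result;
}

# Constructed sample inputs: one returns plain data, one returns a sub.
print eval_untrusted('[ map { $_ * 2 } 1..3 ]')->[2], "\n";
eval { eval_untrusted('sub { 1 }') };
print "rejected: $@";
```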
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/perl | <5.8.8-32.el5_5.1 | 5.8.8-32.el5_5.1 |
redhat/perl-suidperl | <5.8.8-32.el5_5.1 | 5.8.8-32.el5_5.1 |
RHSA-2010:0458 is rated important because it addresses vulnerabilities in the Perl programming language.
To fix RHSA-2010:0458, update to the perl version 5.8.8-32.el5_5.1 or later.
RHSA-2010:0458 affects the perl and perl-suidperl packages on Red Hat Enterprise Linux 5.
RHSA-2010:0458 addresses issues related to the Safe extension module and File::Path module in Perl.
RHSA-2010:0458 is rated important rather than critical; the actual exposure depends on how Perl, and in particular the Safe and File::Path modules, is used in a given deployment.