Rapid7 Vulnerability & Exploit Database

RHSA-2010:0458: perl security update

Back to Search

RHSA-2010:0458: perl security update

Severity
9
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published
05/19/2010
Created
07/25/2018
Added
06/16/2010
Modified
07/04/2017

Description

Perl is a high-level programming language commonly used for systemadministration utilities and web programming. The Safe extension moduleallows users to compile and execute Perl code in restricted compartments.The File::Path module allows users to create and remove directory trees.The Safe module did not properly restrict the code of implicitly calledmethods (such as DESTROY and AUTOLOAD) on implicitly blessed objectsreturned as a result of unsafe code evaluation. These methods could havebeen executed unrestricted by Safe when such objects were accessed ordestroyed. A specially-crafted Perl script executed inside of a Safecompartment could use this flaw to bypass intended Safe modulerestrictions. (CVE-2010-1168)The Safe module did not properly restrict code compiled in a Safecompartment and executed out of the compartment via a subroutine referencereturned as a result of unsafe code evaluation. A specially-crafted Perlscript executed inside of a Safe compartment could use this flaw to bypassintended Safe module restrictions, if the returned subroutine reference wascalled from outside of the compartment. (CVE-2010-1447)Multiple race conditions were found in the way the File::Path module'srmtree function removed directory trees. A malicious, local user with writeaccess to a directory being removed by a victim, running a Perl scriptusing rmtree, could cause the permissions of arbitrary files to be changedto world-writable and setuid, or delete arbitrary files via a symbolic linkattack, if the victim had the privileges to change the permissions of thetarget files or to remove them. (CVE-2008-5302, CVE-2008-5303)Red Hat would like to thank Tim Bunce for responsibly reporting theCVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleatonas the original reporter of CVE-2010-1168, and Tim Bunce and RafaëlGarcia-Suarez as the original reporters of CVE-2010-1447.These packages upgrade the Safe extension module to version 2.27. Refer tothe Safe module's Changes file, linked to in the References, for a fulllist of changes.Users of perl are advised to upgrade to these updated packages, whichcorrect these issues. All applications using the Safe or File::Path modulesmust be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-perl
  • redhat-upgrade-perl-suidperl

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;