4.6 - CVE-2002-1323

Executive Summary

Informations
Name	CVE-2002-1323	First vendor Publication	2002-12-11
Vendor	Cve	Last vendor Modification	2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.6	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1323

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1160

Oval ID:	oval:org.mitre.oval:def:1160
Title:	Safe.PM Unsafe Code Execution Vulnerability
Description:	Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2002-1323	Version:	3
Platform(s):	Sun Solaris 8 Sun Solaris 9	Product(s):	Perl
Definition Synopsis:
Solaris 8 (SPARC) meets Sun Alert ID 200205 (formerly 101426) criteria. Solaris 8 (SPARC) is installed AND NOT Patch 122091-01 or later installed OR Solaris 8 (x86) meets Sun Alert ID 200205 (formerly 101426) criteria. Solaris 8 (x86) is installed AND NOT Patch 122092-01 or later installed OR Solaris 9 (SPARC) meets Sun Alert ID 200205 (formerly 101426) criteria. Solaris 9 (SPARC) is installed AND NOT Patch 119449-01 or later installed OR Solaris 9 (x86) meets Sun Alert ID 200205 (formerly 101426) criteria. Solaris 9 (x86) is installed AND NOT Patch 119450-01 or later installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Safe.Pm cpe:2.3:a:safe.pm:safe.pm:2.0_7:::::::* cpe:2.3:a:safe.pm:safe.pm:2.0_6:::::::*	2
Application	Sun Linux cpe:2.3:a:sun:linux:5.0.7:::::::*	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64::::: cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server::::: cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64::::: cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server::::: cpe:2.3:o:redhat:enterprise_linux:2.1::workstation::::: cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::	6
Os	Redhat Linux Advanced Workstation cpe:2.3:o:redhat:linux_advanced_workstation:2.1:::::::*	1
Os	Sco Open Unix cpe:2.3:o:sco:open_unix:8.0:::::::*	1
Os	Sco Unixware cpe:2.3:o:sco:unixware:7.1.3:::::::* cpe:2.3:o:sco:unixware:7.1.2:::::::*	2
Os	Sgi Irix cpe:2.3:o:sgi:irix:6.5.9:::::::* cpe:2.3:o:sgi:irix:6.5.8:::::::* cpe:2.3:o:sgi:irix:6.5.7:::::::* cpe:2.3:o:sgi:irix:6.5.6:::::::* cpe:2.3:o:sgi:irix:6.5.5:::::::* cpe:2.3:o:sgi:irix:6.5.4:::::::* cpe:2.3:o:sgi:irix:6.5.3:::::::* cpe:2.3:o:sgi:irix:6.5.22:::::::* cpe:2.3:o:sgi:irix:6.5.21m:::::::* cpe:2.3:o:sgi:irix:6.5.21f:::::::* cpe:2.3:o:sgi:irix:6.5.20m:::::::* cpe:2.3:o:sgi:irix:6.5.20f:::::::* cpe:2.3:o:sgi:irix:6.5.2:::::::* cpe:2.3:o:sgi:irix:6.5.19m:::::::* cpe:2.3:o:sgi:irix:6.5.19f:::::::* cpe:2.3:o:sgi:irix:6.5.19:::::::* cpe:2.3:o:sgi:irix:6.5.18m:::::::* cpe:2.3:o:sgi:irix:6.5.18f:::::::* cpe:2.3:o:sgi:irix:6.5.18:::::::* cpe:2.3:o:sgi:irix:6.5.17m:::::::* cpe:2.3:o:sgi:irix:6.5.17f:::::::* cpe:2.3:o:sgi:irix:6.5.17:::::::* cpe:2.3:o:sgi:irix:6.5.16:::::::* cpe:2.3:o:sgi:irix:6.5.15:::::::* cpe:2.3:o:sgi:irix:6.5.14:::::::* cpe:2.3:o:sgi:irix:6.5.13:::::::* cpe:2.3:o:sgi:irix:6.5.12:::::::* cpe:2.3:o:sgi:irix:6.5.11:::::::* cpe:2.3:o:sgi:irix:6.5.10:::::::* cpe:2.3:o:sgi:irix:6.5.1:::::::* cpe:2.3:o:sgi:irix:6.5:::::::*	31
Os	Sun Solaris cpe:2.3:o:sun:solaris:9.0::sparc::::: cpe:2.3:o:sun:solaris:9.0::x86::::: cpe:2.3:o:sun:solaris:8.0::x86:::::	3
Os	Sun Sunos cpe:2.3:o:sun:sunos:5.8:::::::*	1

OpenVAS Exploits

Date	Description
2009-06-03	Name : Solaris Update for Perl 119449-01 File : nvt/gb_solaris_119449_01.nasl
2008-01-17	Name : Debian Security Advisory DSA 208-1 (perl, perl-5.004, perl-5.005) File : nvt/deb_208_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
2183	Perl Safe.pm Access Bypass Safe.pm contains a flaw that could allow a local or remote attacker execute code outside of Safe.pm's restricted environment called a compartment. If the compartment has been accessed at least once, an attacker could change the the mask of the compartment to access code outside of the compartment.

Nessus® Vulnerability Scanner

Date	Description
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-208.nasl - Type : ACT_GATHER_INFO
2004-07-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-257.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
http://marc.info/?l=bugtraq&m=104005919814869&w=2
http://marc.info/?l=bugtraq&m=104033126305252&w=2
http://marc.info/?l=bugtraq&m=104040175522502&w=2
http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
http://www.debian.org/security/2002/dsa-208
http://www.iss.net/security_center/static/10574.php
http://www.osvdb.org/2183
http://www.osvdb.org/3814
http://www.redhat.com/support/errata/RHSA-2003-256.html
http://www.redhat.com/support/errata/RHSA-2003-257.html
http://www.securityfocus.com/bid/6111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:23:44	Multiple Updates
2024-11-28 12:05:14	Multiple Updates
2021-05-04 12:01:47	Multiple Updates
2021-04-22 01:01:55	Multiple Updates
2020-05-23 00:15:07	Multiple Updates
2018-10-31 00:19:41	Multiple Updates
2017-10-10 09:23:25	Multiple Updates
2016-10-18 12:01:04	Multiple Updates
2016-06-28 15:00:34	Multiple Updates
2016-04-26 12:17:33	Multiple Updates
2014-02-17 10:25:16	Multiple Updates
2013-05-11 12:12:31	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	48
Sources(s)	17
osvdb(s)	1
Openvas Exploit(s)	2
Nessus® Exploit(s)	2

	Related
4.6	RHSA-2003:257
4.6	DSA-208
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

4.6 - CVE-2002-1323

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU