4.6 - RHSA-2003:257

Executive Summary

Summary
Title	Updated Perl packages fix security issues.

Informations
Name	RHSA-2003:257	First vendor Publication	2003-09-22
Vendor	RedHat	Last vendor Modification	2003-09-22
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.6	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2003-257.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1160

Oval ID:	oval:org.mitre.oval:def:1160
Title:	Safe.PM Unsafe Code Execution Vulnerability
Description:	Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2002-1323	Version:	3
Platform(s):	Sun Solaris 8 Sun Solaris 9	Product(s):	Perl
Definition Synopsis:
Solaris 8 (SPARC) meets Sun Alert ID 200205 (formerly 101426) criteria. Solaris 8 (SPARC) is installed AND NOT Patch 122091-01 or later installed OR Solaris 8 (x86) meets Sun Alert ID 200205 (formerly 101426) criteria. Solaris 8 (x86) is installed AND NOT Patch 122092-01 or later installed OR Solaris 9 (SPARC) meets Sun Alert ID 200205 (formerly 101426) criteria. Solaris 9 (SPARC) is installed AND NOT Patch 119449-01 or later installed OR Solaris 9 (x86) meets Sun Alert ID 200205 (formerly 101426) criteria. Solaris 9 (x86) is installed AND NOT Patch 119450-01 or later installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Safe.Pm cpe:2.3:a:safe.pm:safe.pm:2.0_7:::::::* cpe:2.3:a:safe.pm:safe.pm:2.0_6:::::::*	2
Application	Sun Linux cpe:2.3:a:sun:linux:5.0.7:::::::*	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64::::: cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server::::: cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64::::: cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server::::: cpe:2.3:o:redhat:enterprise_linux:2.1::workstation::::: cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::	6
Os	Redhat Linux Advanced Workstation cpe:2.3:o:redhat:linux_advanced_workstation:2.1:::::::*	1
Os	Sco Open Unix cpe:2.3:o:sco:open_unix:8.0:::::::*	1
Os	Sco Unixware cpe:2.3:o:sco:unixware:7.1.3:::::::* cpe:2.3:o:sco:unixware:7.1.2:::::::*	2
Os	Sgi Irix cpe:2.3:o:sgi:irix:6.5.9:::::::* cpe:2.3:o:sgi:irix:6.5.8:::::::* cpe:2.3:o:sgi:irix:6.5.7:::::::* cpe:2.3:o:sgi:irix:6.5.6:::::::* cpe:2.3:o:sgi:irix:6.5.5:::::::* cpe:2.3:o:sgi:irix:6.5.4:::::::* cpe:2.3:o:sgi:irix:6.5.3:::::::* cpe:2.3:o:sgi:irix:6.5.22:::::::* cpe:2.3:o:sgi:irix:6.5.21m:::::::* cpe:2.3:o:sgi:irix:6.5.21f:::::::* cpe:2.3:o:sgi:irix:6.5.20m:::::::* cpe:2.3:o:sgi:irix:6.5.20f:::::::* cpe:2.3:o:sgi:irix:6.5.2:::::::* cpe:2.3:o:sgi:irix:6.5.19m:::::::* cpe:2.3:o:sgi:irix:6.5.19f:::::::* cpe:2.3:o:sgi:irix:6.5.19:::::::* cpe:2.3:o:sgi:irix:6.5.18m:::::::* cpe:2.3:o:sgi:irix:6.5.18f:::::::* cpe:2.3:o:sgi:irix:6.5.18:::::::* cpe:2.3:o:sgi:irix:6.5.17m:::::::* cpe:2.3:o:sgi:irix:6.5.17f:::::::* cpe:2.3:o:sgi:irix:6.5.17:::::::* cpe:2.3:o:sgi:irix:6.5.16:::::::* cpe:2.3:o:sgi:irix:6.5.15:::::::* cpe:2.3:o:sgi:irix:6.5.14:::::::* cpe:2.3:o:sgi:irix:6.5.13:::::::* cpe:2.3:o:sgi:irix:6.5.12:::::::* cpe:2.3:o:sgi:irix:6.5.11:::::::* cpe:2.3:o:sgi:irix:6.5.10:::::::* cpe:2.3:o:sgi:irix:6.5.1:::::::* cpe:2.3:o:sgi:irix:6.5:::::::*	31
Os	Sun Solaris cpe:2.3:o:sun:solaris:9.0::sparc::::: cpe:2.3:o:sun:solaris:9.0::x86::::: cpe:2.3:o:sun:solaris:8.0::x86:::::	3
Os	Sun Sunos cpe:2.3:o:sun:sunos:5.8:::::::*	1

OpenVAS Exploits

Date	Description
2009-06-03	Name : Solaris Update for Perl 119449-01 File : nvt/gb_solaris_119449_01.nasl
2008-01-17	Name : Debian Security Advisory DSA 208-1 (perl, perl-5.004, perl-5.005) File : nvt/deb_208_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
2183	Perl Safe.pm Access Bypass Safe.pm contains a flaw that could allow a local or remote attacker execute code outside of Safe.pm's restricted environment called a compartment. If the compartment has been accessed at least once, an attacker could change the the mask of the compartment to access code outside of the compartment.

Nessus® Vulnerability Scanner

Date	Description
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-208.nasl - Type : ACT_GATHER_INFO
2004-07-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-257.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:48:13	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	48
osvdb(s)	1
Openvas Exploit(s)	2
Nessus® Exploit(s)	2

	Related
4.6	CVE-2002-1323
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0341s

Facebook rss twitter linkedin mail