Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-1168
HistoryJun 21, 2010 - 12:00 a.m.

CVE-2010-1168

2010-06-2100:00:00
ubuntu.com
ubuntu.com
12

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.019

Percentile

88.8%

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent
attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access
restrictions, and inject and execute arbitrary code, via vectors involving
implicitly called methods and implicitly blessed objects, as demonstrated
by the (a) DESTROY and (b) AUTOLOAD methods, related to “automagic
methods.”

Bugs

Notes

Author Note
mdeslaur debian bug says upstream 2.27 contains regressions…should update to 2.25, but 2.25 doesn’t fix CVE-2010-1447.
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchperl< 5.8.7-10ubuntu1.3UNKNOWN
ubuntu8.04noarchperl< 5.8.8-12ubuntu0.5UNKNOWN
ubuntu10.04noarchperl< 5.10.1-8ubuntu2.1UNKNOWN
ubuntu10.10noarchperl< 5.10.1-12ubuntu2.1UNKNOWN
ubuntu11.04noarchperl< 5.10.1-17ubuntu4.1UNKNOWN

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.019

Percentile

88.8%