CVE-2010-1168

2010-06-2100:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent
attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access
restrictions, and inject and execute arbitrary code, via vectors involving
implicitly called methods and implicitly blessed objects, as demonstrated
by the (a) DESTROY and (b) AUTOLOAD methods, related to “automagic
methods.”

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582978>

Notes

Author	Note
mdeslaur	debian bug says upstream 2.27 contains regressions…should update to 2.25, but 2.25 doesn’t fix CVE-2010-1447.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchperl< 5.8.7-10ubuntu1.3UNKNOWN
ubuntu8.04noarchperl< 5.8.8-12ubuntu0.5UNKNOWN
ubuntu10.04noarchperl< 5.10.1-8ubuntu2.1UNKNOWN
ubuntu10.10noarchperl< 5.10.1-12ubuntu2.1UNKNOWN
ubuntu11.04noarchperl< 5.10.1-17ubuntu4.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	perl	< 5.8.7-10ubuntu1.3	UNKNOWN
ubuntu	8.04	noarch	perl	< 5.8.8-12ubuntu0.5	UNKNOWN
ubuntu	10.04	noarch	perl	< 5.10.1-8ubuntu2.1	UNKNOWN
ubuntu	10.10	noarch	perl	< 5.10.1-12ubuntu2.1	UNKNOWN
ubuntu	11.04	noarch	perl	< 5.10.1-17ubuntu4.1	UNKNOWN