Source: ubuntucve (Ubuntu.com), ID UB:CVE-2010-1447
Published: May 19, 2010 - 12:00 a.m.

CVE-2010-1447


CVSS2: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.019
Percentile: 88.8%

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl,
as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before
8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0
Beta before 9.0 Beta 2, allows context-dependent attackers to bypass
intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject
and execute arbitrary code, via vectors involving subroutine references and
delayed execution.

Notes

Author: mdeslaur
Note: Description is wrong, this is actually a flaw in Safe.pm 2.26 and earlier as used in Perl 5.10.0 and earlier. Debian bug for CVE-2010-1168 says 2.27 introduces regressions.

OS      OS Version  Architecture  Package  Package Version        Filename
ubuntu  6.06        noarch        perl     < 5.8.7-10ubuntu1.3    UNKNOWN
ubuntu  8.04        noarch        perl     < 5.8.8-12ubuntu0.5    UNKNOWN
ubuntu  10.04       noarch        perl     < 5.10.1-8ubuntu2.1    UNKNOWN
ubuntu  10.10       noarch        perl     < 5.10.1-12ubuntu2.1   UNKNOWN
ubuntu  11.04       noarch        perl     < 5.10.1-17ubuntu4.1   UNKNOWN
