Category:   Application (Generic)  > Vendors:   Beattie, Malcolm et al
(SCO Issues Fix for UnixWare/Open UNIX) Perl Safe Module May Allow Sandbox Compartment Access Restrictions to Be Bypassed
SecurityTracker Alert ID:  1009633
SecurityTracker URL:
CVE Reference:   CVE-2002-1323   (Links to External Site)
Date:  Apr 1 2004
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): versions prior to 2.0.8
Description:   A vulnerability was reported in the Perl 'Safe' module. Depending on the Perl application using Safe, a local or remote user may be able to bypass compartment access controls in certain cases.

It is reported that when a Safe module compartment is reused, code in the compartment may be able to bypass the access restrictions of the compartment. This is apparently achieved by modifying the operation mask via the '@_' variable. Then, when the compartment is reused, the modified operation mask might be used.

Programs that use a Safe compartment only once are not affected, according to the report.
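The reuse condition described above (and restated in section 1 of the SCO advisory below) is what a calling program avoids by never running a second snippet in a compartment that has already evaluated untrusted code. The following Perl is an added example, not part of the SecurityTracker entry or the SCO advisory: it builds a fresh Safe compartment for every evaluation, limits it to a small opcode set, and refuses to start on a Safe.pm older than the fixed release; the function name eval_untrusted and the sample inputs are constructed here.

```perl
#!/usr/bin/perl
# Added example: one new Safe compartment per evaluation, so nothing left
# behind by an earlier reval (the reused-compartment condition described
# in the advisory) can influence the next one.
use strict;
use warnings;
use Safe;

# Die at startup if the installed Safe.pm predates the fixed release.
# Safe.pm reports its version as a plain decimal; 2.08 is taken here to
# be the "2.0.8" named in the advisory.
Safe->VERSION(2.08);

# Evaluate $code inside a brand-new compartment restricted to arithmetic,
# string and control-flow opcodes. Returns (1, value) or (0, error text).
sub eval_untrusted {
    my ($code) = @_;

    # Fresh root namespace and fresh operation mask on every call; the
    # compartment is never stored or handed to a second caller.
    my $cpt = Safe->new;
    $cpt->permit_only(qw(:base_core :base_mem :base_loop :base_math));

    my $result = $cpt->reval($code);
    if ($@) {                       # trapped opcode or runtime error
        my $err = $@;
        chomp $err;
        return (0, $err);
    }
    return (1, $result);
}

# Constructed sample inputs: one harmless expression and two attempts to
# reach outside the sandbox, each evaluated in its own compartment.
my @samples = (
    'my $x = 6; $x * 7',                         # ok, 42
    'open(my $fh, "<", "/etc/passwd"); <$fh>',   # refused: open trapped
    'system("id")',                              # refused: system trapped
);

for my $code (@samples) {
    my ($ok, $out) = eval_untrusted($code);
    printf "%-44s => %s\n", $code, $ok ? "ok: $out" : "refused: $out";
}
```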

Impact:   A remote or local user could bypass access control restrictions. The specific impact depends on the application that uses the Safe module.
Solution:   SCO has issued a fix for UnixWare 7.1.3, Open UNIX 8.0.0, and UnixWare 7.1.2:

The verification checksum is:

MD5 (erg712495.Z) = a58a6ad7b7ea39ee48abc8bc3cc0d4fe

Vendor URL: (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7.1.2, 7.1.3; Open UNIX 8.0.0

Message History:   This archive entry is a follow-up to the message listed below.
Nov 6 2002 Perl Safe Module May Allow Sandbox Compartment Access Restrictions to Be Bypassed

 Source Message Contents

Subject:  UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment

			SCO Security Advisory

Subject:		UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment
Advisory number: 	SCOSA-2004.1
Issue date: 		2004 March 29
Cross reference: 	sr887197 fz528449 erg712495 CAN-2002-1323

1. Problem Description

	The Perl Safe module, version 2.0.7 and earlier, when used in
	Perl 5.8.0 and earlier, may allow attackers to break out of safe
	compartments in (1) Safe::reval or (2) Safe::rdo using a redefined
	@_ variable, which is not reset between successive calls.
	The Common Vulnerabilities and Exposures project has assigned
	the name CAN-2002-1323 to this issue.

2. Vulnerable Supported Versions

	System				Binaries
	UnixWare 7.1.3 		/usr/gnu/lib/perl5/i386-svr4/5.00404/	
	Open UNIX 8.0.0 	/usr/gnu/lib/perl5/i386-svr4/5.00404/
	UnixWare 7.1.1 		/usr/gnu/lib/perl5/i386-svr4/5.00404/

3. Solution

	The proper solution is to install the latest packages.

4. UnixWare 7.1.3 
   Open UNIX 8.0.0
   UnixWare 7.1.2

	4.1 Location of Fixed Binaries

	4.2 Verification

	MD5 (erg712495.Z) = a58a6ad7b7ea39ee48abc8bc3cc0d4fe

	md5 is available for download from

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1. Download the erg712495.Z file to a directory on your machine.

	2. As root, uncompress the file and add the package to your system
	using these commands:

        # uncompress erg712495.Z
        # pkgadd -d erg712495

	3. There is no need to reboot the system after installing this package.

	If you have questions regarding this supplement, or the product on
	which it is installed, please contact your software supplier.

5. References

	Specific references for this advisory:

	SCO security resources:

	SCO security advisories via email:

	This security fix closes SCO incidents sr887197 fz528449

6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO

7. Acknowledgments

	SCO would like to thank Andreas Jurenda

	If you would like to receive SCO Security Advisories please visit:

