SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Safe.pm Vendors:   Beattie, Malcolm et al
(SCO Issues Fix for UnixWare/Open UNIX) Perl Safe Module May Allow Sandbox Compartment Access Restrictions to Be Bypassed
SecurityTracker Alert ID:  1009633
SecurityTracker URL:  http://securitytracker.com/id/1009633
CVE Reference:   CVE-2002-1323   (Links to External Site)
Date:  Apr 1 2004
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): versions prior to 2.0.8
Description:   A vulnerability was reported in the Perl 'Safe' module. Depending on the Perl application using Safe, a local or remote user may be able to bypass compartment access controls in certain cases.

It is reported that when a Safe module compartment is reused, code in the compartment may be able to bypass the access restrictions of the compartment. This is apparently achieved by modifying the operation mask via the '@_' variable. Then, when the compartment is reused, the modified operation mask might be used.

Programs that use a Safe compartment only once are not affected, according to the report.

Impact:   A remote or local user could bypass access control restrictions. The specific impact depends on the application that uses the Safe module.
Solution:   SCO has issued a fix for UnixWare 7.1.3, Open UNIX 8.0.0, and UnixWare 7.1.2:

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1

The verification checksum is:

MD5 (erg712495.Z) = a58a6ad7b7ea39ee48abc8bc3cc0d4fe

Vendor URL:  search.cpan.org/author/ABERGMAN/Safe/Safe.pm (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7.1.2, 7.1.3; Open UNIX 8.0.0

Message History:   This archive entry is a follow-up to the message listed below.
Nov 6 2002 Perl Safe Module May Allow Sandbox Compartment Access Restrictions to Be Bypassed



 Source Message Contents

Subject:  UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment
Advisory number: 	SCOSA-2004.1
Issue date: 		2004 March 29
Cross reference: 	sr887197 fz528449 erg712495 CAN-2002-1323
______________________________________________________________________________


1. Problem Description

	Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and
	earlier, may allow attackers to break out of safe compartments
	in (1) Safe::reval or (2) Safe::rdo using a redefined @_
	variable, which is not reset between successive calls. 
	
	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CAN-2002-1323 to this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.3 		/usr/gnu/lib/perl5/i386-svr4/5.00404/Safe.pm	
	Open UNIX 8.0.0 	/usr/gnu/lib/perl5/i386-svr4/5.00404/Safe.pm
	UnixWare 7.1.1 		/usr/gnu/lib/perl5/i386-svr4/5.00404/Safe.pm

3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.3 
   Open UNIX 8.0.0
   UnixWare 7.1.2

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1


	4.2 Verification

	MD5 (erg712495.Z) = a58a6ad7b7ea39ee48abc8bc3cc0d4fe

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1. Download the erg712495.Z file to a directory on your machine.

	2. As root, uncompress the file and add the package to your system
	using these commands:

        # uncompress erg712495.Z
        # pkgadd -d erg712495

	3. There is no need to reboot the system after installing this package.


	If you have questions regarding this supplement, or the product on
	which it is installed, please contact your software supplier.

5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email:
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr887197 fz528449
	erg712495.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


7. Acknowledgments

	SCO would like to thank Andreas Jurenda

	If you would like to receive SCO Security Advisories please visit:
	http://www.thescogroup.com/support/forums/announce.html

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFAa1gDaqoBO7ipriERAmUSAJ4wj29qyF8tdLnaf73PAJy0uwmXGACfR4qY
V04ijiOTJg8nxlajD4dtwCw=
=1x3D
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC