CVE-2010-1168

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2010-1168
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.openwall.com/lists/oss-security/2010/05/20/5
http://www.redhat.com/support/errata/RHSA-2010-0457.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0458.html Vendor Advisory
http://secunia.com/advisories/40049 Vendor Advisory
http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes
http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
https://bugzilla.redhat.com/show_bug.cgi?id=576508
http://secunia.com/advisories/40052 Vendor Advisory
http://securitytracker.com/id?1024062 Vendor Advisory
http://secunia.com/advisories/42402
http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in
http://www.vupen.com/english/advisories/2010/3075
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:rafael_garcia-suarez:safe:2.08:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.17:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.18:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.15:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.16:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.23:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.24:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.13:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.14:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.21:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.22:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.09:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.19:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.20:*:*:*:*:*:*:*
cpe:2.3:a:rafael_garcia-suarez:safe:2.11:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
Information

Published : 2010-06-21 09:30

Updated : 2017-09-18 18:30

NVD link : CVE-2010-1168

Mitre link : CVE-2010-1168

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

rafael_garcia-suarez

  • safe

perl

  • perl