PerlMonks  

Some versions of Safe considered unSafe

by dragonchild (Archbishop)
on Apr 01, 2004 at 12:51 UTC

On bugtraq, there was an announcement concerning Safe.pm 2.0.7 and earlier with Perl 5.8.0 and earlier. From the email:
    1. Problem Description

    Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1323 to this issue.

Refer to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323 for more info.

------
We are the carpenters and bricklayers of the Information Age.

Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose

Replies are listed 'Best First'.
Re: Some versions of Safe considered unSafe
by ysth (Canon) on Apr 04, 2004 at 13:43 UTC
    Wow, they move a little slowly, that seems to have been in "candidate for the CVE list" status for a year now.

    Note that perl5.6.2 includes the fixed Safe 2.10. (Not sure where they got the 2.0.7 notation from, Safe was at version 2.07 in 5.8.0 and 2.10 in 5.8.1.)
