How to overcome the Perl Safe module security vulnerabilities (CVE-2010-1168 and CVE-2010-1974)?

Solution Verified

Issue

  • The Perl Safe module is used to create restricted compartments in which unsafe Perl code can be evaluated. The module is prone to multiple restriction bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary Perl code outside of the restricted root.
    The vulnerabilities exist in Safe::reval and Safe::rdo.
    Versions of Perl Safe prior to 2.25 are vulnerable.

  • The upstream link for downloading patches to fix the vulnerabilities is available at Perl 5.12: Linux Perl Safe. When will Red Hat release the patches?

Environment

  • Red Hat Enterprise Linux 5

  • perl
