How to overcome the Perl Safe module security vulnerabilities (CVE-2010-1168 and CVE-2010-1974)?
Issue
- The Perl Safe module is used to create restricted compartments in which unsafe Perl code can be evaluated. The Perl Safe module is prone to multiple restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary Perl code outside of the restricted root. The vulnerabilities exist in Safe::reval and Safe::rdo. Versions prior to Perl Safe 2.25 are vulnerable.
- The upstream link for downloading patches that fix the vulnerabilities is available at Perl 5.12: Linux Perl Safe. When will Red Hat release the patches?
Environment
- Red Hat Enterprise Linux 5
- perl