CERTA-2002-AVI-279
Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans l'une des fonctions du module safe.pm.

Description

Le module Safe permet la création de compartiments dans lesquels du code perl peut être évalué sans aucun accès à des variables extérieures.

Une vulnérabilité présente dans l'une des fonctions de ce module ne permet pas de garantir la bonne exécution du code dans ce compartiment.

Solution

Mettre à jour les versions affectées de Perl.

None
Impacted products
Vendor Product Description
N/A N/A Safe.pm version 2.06 dans Perl 5.6.1 ;
N/A N/A Safe.pm version 2.07 dans Perl 5.8.0.
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safe.pm version 2.06 dans Perl 5.6.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Safe.pm version 2.07 dans Perl 5.8.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe module `Safe` permet la cr\u00e9ation de compartiments dans lesquels du\ncode perl peut \u00eatre \u00e9valu\u00e9 sans aucun acc\u00e8s \u00e0 des variables ext\u00e9rieures.\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans l\u0027une des fonctions de ce module ne\npermet pas de garantir la bonne ex\u00e9cution du code dans ce compartiment.\n\n## Solution\n\nMettre \u00e0 jour les versions affect\u00e9es de Perl.\n",
  "cves": [],
  "initial_release_date": "2002-12-23T00:00:00",
  "last_revision_date": "2002-12-23T00:00:00",
  "links": [
    {
      "title": "bulletin de s\u00e9curit\u00e9 Trustix :",
      "url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0087-perl.asc.txt"
    },
    {
      "title": "bulletin de s\u00e9curit\u00e9 Debian :",
      "url": "http://www.debian.org/security/2002/dsa-208"
    }
  ],
  "reference": "CERTA-2002-AVI-279",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-12-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Baisse du niveau de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l\u0027une des fonctions du module\n`safe.pm`.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans PERL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de securite DEBIAN DSA208-1",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.