Perl Safe extension module background:
======================================

The Safe extension module allows the creation of compartments in which
Perl code can be evaluated. Each compartment has:

* a new namespace

  The "root" of the namespace (i.e. "main::") is changed to a different
  package and code evaluated in the compartment cannot refer to variables
  outside this namespace, even with run-time glob lookups and other tricks.

* an operator mask

  Each compartment has an associated "operator mask". Code evaluated in a
  compartment compiles subject to the compartment's operator mask.
  Attempting to evaluate code in a compartment which contains a masked
  operator will cause the compilation to fail with an error. The code will
  not be executed.

CVE-2010-1168 flaw:
===================

Safe.pm 2.24 and earlier, when used in Perl 5.10.0 and earlier, may allow
attackers to break out of the safe compartment in (1) Safe::reval or
(2) Safe::rdo using (implicit) references to Perl objects in code compiled
and executed within the compartment.

If a victim was tricked into running a specially crafted Perl script using
the Safe extension module, it could lead to unauthorized access to protected
information or to execution of arbitrary Perl code that was intended to be
prohibited.

Credit:
=======

Nick Cleaton

CVE:
====

CVE identifier of CVE-2010-1168 has been assigned to this flaw.

Coordinated Release Date (CRD):
===============================

Monday, 2010-05-17

Please do not publicly mention / discuss the information provided in this
advisory prior to that date. This date may still change or be postponed
slightly, but in that case we will contact you again with an updated CRD.

Affected Perl versions:
=======================

Issue tested and confirmed in Perl versions v5.8.x up to v5.10.x, where
the version of the Safe extension module is <= v2.24.

Patch / Solution:
=================

Upgrade to Perl Safe module extension v2.25 or higher.

Perl CPAN modules, which have Safe extension module as dependency (from Tim Bunce):
===================================================================================

Config-Scoped, Eval-Context, Workflow, Games-Perlwar, SNMP-Trapinfo,
YAML-Logic, Locale-TextDomain-OO, App-CPAN-Testers-Remailer, Colloquy-Data,
Graph, Text::MicroMason::Safe.
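
The two compartment properties from the background section, gated on the fixed Safe version from the Patch / Solution section, as a short Perl script. This is an added example, not part of the original advisory or of the Safe distribution; the helper names new_compartment and run_untrusted and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: not code from the advisory or from the Safe distribution.
use strict;
use warnings;
use Safe;

our $secret = 'outside-the-compartment';    # constructed value in the real main::

# Hypothetical helper: refuse to build a compartment on an affected Safe release.
sub new_compartment {
    eval { Safe->VERSION('2.25'); 1 }
        or die "Safe $Safe::VERSION is <= 2.24 (CVE-2010-1168); "
             . "upgrade to 2.25 or higher\n";
    return Safe->new;    # fresh root namespace, default operator mask
}

# Hypothetical helper: evaluate code in the compartment and always hand back
# the error text, so a trapped operator is never silently ignored.
sub run_untrusted {
    my ($cpt, $code) = @_;
    my $value = $cpt->reval($code);
    my $err   = $@;
    $err =~ s/\s+\z//;
    return ($value, $err);
}

my $cpt = new_compartment();

# 1. Namespace: inside the compartment "main::" is the compartment's own root
#    package, so the outer $main::secret is not reachable by name.
my ($seen) = run_untrusted($cpt, 'defined $main::secret ? 1 : 0');
printf "outer \$secret visible inside compartment: %s\n", $seen ? 'yes' : 'no';

# 2. Operator mask: system() is not in the default permitted set, so the code
#    fails to compile and nothing is executed.
my ($ran, $mask_err) = run_untrusted($cpt, 'system("true"); 1');
printf "masked operator result: %s\n", defined $ran ? 'executed' : 'rejected';
printf "error reported by reval: %s\n", $mask_err;

# 3. Code that only uses permitted operators is evaluated normally.
my ($product, $err) = run_untrusted($cpt, 'my ($x, $y) = (6, 7); $x * $y');
printf "permitted code returned: %s\n", defined $product ? $product : "error: $err";
```

On a system where Safe is 2.24 or earlier the script stops at new_compartment before any untrusted code is evaluated.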