Perl Safe extension module background:
======================================

The Safe extension module allows the creation of compartments in which Perl
code can be evaluated. Each compartment has:

* a new namespace

  The "root" of the namespace (i.e. "main::") is changed to a different
  package, and code evaluated in the compartment cannot refer to variables
  outside this namespace, even with run-time glob lookups and other tricks.

* an operator mask

  Each compartment has an associated "operator mask". Code evaluated in a
  compartment compiles subject to the compartment's operator mask.
  Attempting to evaluate code in a compartment which contains a masked
  operator will cause the compilation to fail with an error. The code will
  not be executed.

CVE-2010-1447 flaw:
===================

Safe.pm 2.26 and earlier (except 2.20 through 2.23 if using a
threads-enabled Perl), when used in Perl 5.10.0 and earlier, may allow
attackers to break out of the safe compartment in (1) Safe::reval or
(2) Safe::rdo using references to Perl objects in code executed outside
the compartment.

If a victim was tricked into running a specially crafted Perl script that
uses the Safe extension module, it could lead to unauthorized access to
protected information or to execution of arbitrary Perl code, which was
intended to be prohibited.

Different vulnerability than CVE-2010-1168.

Credit:
=======

Tim Bunce, Rafaël Garcia-Suarez

CVE:
====

CVE identifier CVE-2010-1447 has been assigned to this flaw.

Coordinated Release Date (CRD):
===============================

Monday, 2010-05-17

Please do not publicly mention / discuss the information provided in this
advisory prior to that date. This may change / be postponed slightly yet,
but in that case we will contact you again with an updated CRD.

Affected Perl versions:
=======================

Issue tested and confirmed in Perl versions v5.8.x up to v5.10.x, where the
version of the Safe module extension is below 2.27 (except 2.20 through 2.23
if using a threads-enabled perl).
Patch / Solution:
=================

Upgrade to Perl Safe module extension v2.27 or higher.

Perl CPAN modules which have the Safe extension module as a dependency (from Tim Bunce):
=======================================================================================

Config-Scoped, Eval-Context, Workflow, Games-Perlwar, SNMP-Trapinfo,
YAML-Logic, Locale-TextDomain-OO, App-CPAN-Testers-Remailer, Colloquy-Data,
Graph, Text::MicroMason::Safe.
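The following script is an added example and is not part of the advisory or of Safe.pm itself. It ties the two halves of the advisory together from the defender's side: it refuses to run unless the installed Safe is at least the fixed 2.27 (the advisory's remedy), then demonstrates the two compartment properties described in the background section, the remapped root namespace and the compile-time operator mask, by feeding a compartment three constructed code strings. `Safe->new`, `permit_only`, `reval`, the `$@` error convention and the Opcode opset names (`:base_core`, `:base_mem`, `:base_loop`) are the real Safe/Opcode API; the sample scripts, the `%samples` hash and `$secret` are constructed for this example.

```perl
#!/usr/bin/perl
# Added example (not from the advisory or from Safe.pm): sandbox untrusted
# Perl snippets in a Safe compartment, but only on a Safe.pm version the
# advisory lists as fixed.  The sample scripts below are constructed here.
use strict;
use warnings;
use Safe;

# 1. Version gate: the advisory's remedy is Safe >= 2.27.  UNIVERSAL::VERSION
#    dies when the installed module is older, so a pre-fix Safe is never used.
eval { Safe->VERSION(2.27); 1 }
    or die "Refusing to sandbox with Safe $Safe::VERSION: $@";

# 2. Build a compartment.  Its "main::" is remapped to a fresh package, so
#    code inside cannot reach the host's symbols by name or by glob lookup.
my $cpt = Safe->new;

# 3. Tighten the operator mask below the ':default' opset.  Code in the
#    compartment is compiled against this mask, so a masked op aborts
#    compilation and the snippet never executes.
$cpt->permit_only(':base_core', ':base_mem', ':base_loop');

# Host-side data that must stay invisible to sandboxed code (constructed).
our $secret = 'host-only value';

# Constructed sample snippets: one benign, one using a masked operator
# (open is in :filesys_open, not permitted), one reaching for host data.
my %samples = (
    arithmetic => 'my $x = 6; $x * 7',
    file_open  => 'open(my $fh, "<", "/etc/hostname"); 1',
    outside    => '$main::secret',
);

for my $name (sort keys %samples) {
    my $result = $cpt->reval($samples{$name});
    if ($@) {
        # Operator-mask failures arrive here as
        # "'open' trapped by operation mask at (eval N) line 1."
        print "$name: rejected at compile time: $@";
    } elsif (!defined $result) {
        # '$main::secret' resolves inside the compartment's own namespace,
        # where nothing is defined, so the host variable is never read.
        print "$name: ran, returned undef (no access to host data)\n";
    } else {
        print "$name: ran, returned '$result'\n";
    }
}
```

Note that the numeric gate only encodes the advisory's headline remedy (2.27 or higher); it does not model the 2.20 through 2.23 exception for threads-enabled perls, so an environment relying on that exception should still upgrade rather than loosen the check.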