CERTA-2002-AVI-279

Vulnerability from certfr_avis - Published: 2002-12-23 - Updated: 2002-12-23

Une vulnérabilité a été découverte dans l'une des fonctions du module safe.pm.

Description

Le module Safe permet la création de compartiments dans lesquels du code perl peut être évalué sans aucun accès à des variables extérieures.

Une vulnérabilité présente dans l'une des fonctions de ce module ne permet pas de garantir la bonne exécution du code dans ce compartiment.

Solution

Mettre à jour les versions affectées de Perl.

None
Impacted products
Vendor Product Description
N/A N/A Safe.pm version 2.06 dans Perl 5.6.1 ;
N/A N/A Safe.pm version 2.07 dans Perl 5.8.0.
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safe.pm version 2.06 dans Perl 5.6.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Safe.pm version 2.07 dans Perl 5.8.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe module `Safe` permet la cr\u00e9ation de compartiments dans lesquels du\ncode perl peut \u00eatre \u00e9valu\u00e9 sans aucun acc\u00e8s \u00e0 des variables ext\u00e9rieures.\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans l\u0027une des fonctions de ce module ne\npermet pas de garantir la bonne ex\u00e9cution du code dans ce compartiment.\n\n## Solution\n\nMettre \u00e0 jour les versions affect\u00e9es de Perl.\n",
  "cves": [],
  "initial_release_date": "2002-12-23T00:00:00",
  "last_revision_date": "2002-12-23T00:00:00",
  "links": [
    {
      "title": "bulletin de s\u00e9curit\u00e9 Trustix :",
      "url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0087-perl.asc.txt"
    },
    {
      "title": "bulletin de s\u00e9curit\u00e9 Debian :",
      "url": "http://www.debian.org/security/2002/dsa-208"
    }
  ],
  "reference": "CERTA-2002-AVI-279",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-12-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Baisse du niveau de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l\u0027une des fonctions du module\n`safe.pm`.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans PERL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de securite DEBIAN DSA208-1",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.