[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1168Date: (C)2010-06-21   (M)2023-12-22


The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1024062
SECUNIA-40049
SECUNIA-40052
SECUNIA-42402
ADV-2010-3075
MDVSA-2010:115
MDVSA-2010:116
RHSA-2010:0457
RHSA-2010:0458
http://www.openwall.com/lists/oss-security/2010/05/20/5
http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html
http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in
http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
https://bugzilla.redhat.com/show_bug.cgi?id=576508
oval:org.mitre.oval:def:7424
oval:org.mitre.oval:def:9807

CPE    1
cpe:/a:perl:perl
CWE    1
CWE-264
OVAL    12
oval:org.secpod.oval:def:700486
oval:org.secpod.oval:def:300215
oval:org.secpod.oval:def:201888
oval:org.secpod.oval:def:101034
...

© SecPod Technologies