CVE-2010-1447

Sažetak

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://osvdb.org/64756
http://secunia.com/advisories/39845
http://secunia.com/advisories/40049
http://secunia.com/advisories/40052
http://security-tracker.debian.org/tracker/CVE-2010-1447
http://www.debian.org/security/2011/dsa-2267
http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
http://www.openwall.com/lists/oss-security/2010/05/20/5
http://www.postgresql.org/about/news.1203
http://www.redhat.com/support/errata/RHSA-2010-0457.html
http://www.redhat.com/support/errata/RHSA-2010-0458.html
http://www.securityfocus.com/bid/40305
http://www.securitytracker.com/id?1023988
http://www.vupen.com/english/advisories/2010/1167
https://bugs.launchpad.net/bugs/cve/2010-1447
https://bugzilla.redhat.com/show_bug.cgi?id=588269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320

CVSS

Base:	8.5
Impact:	10.0
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-09-2017 - 01:30

Objavljeno

19-05-2010 - 18:30