CVE-2010-1447 Information

Description

The Safe (aka Safe.pm) module 2.26 and certain earlier versions for Perl as used in PostgreSQL 7.4 before 7.4.29 8.0 before 8.0.25 8.1 before 8.1.21 8.2 before 8.2.17 8.3 before 8.3.11 8.4 before 8.4.4 and 9.0 Beta before 9.0 Beta 2 allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions and inject and execute arbitrary code via vectors involving subroutine references and delayed execution.

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://osvdb.org/64756 http://secunia.com/advisories/39845 http://secunia.com/advisories/40049 http://secunia.com/advisories/40052 http://security-tracker.debian.org/tracker/CVE-2010-1447 http://www.debian.org/security/2011/dsa-2267 http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 http://www.openwall.com/lists/oss-security/2010/05/20/5 http://www.postgresql.org/about/news.1203 http://www.redhat.com/support/errata/RHSA-2010-0457.html http://www.redhat.com/support/errata/RHSA-2010-0458.html http://www.securityfocus.com/bid/40305 http://www.securitytracker.com/id?1023988 http://www.vupen.com/english/advisories/2010/1167 https://bugs.launchpad.net/bugs/cve/2010-1447 https://bugzilla.redhat.com/show_bug.cgi?id=588269 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11530 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7320