Published: 19/05/2010 Updated: 19/09/2017

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

VMScore: 758

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 prior to 7.4.29, 8.0 prior to 8.0.25, 8.1 prior to 8.1.21, 8.2 prior to 8.2.17, 8.3 prior to 8.3.11, 8.4 prior to 8.4.4, and 9.0 Beta prior to 9.0 Beta 2, allows context-dependent malicious users to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postgresql postgresql 7.4.24
postgresql postgresql 7.4.6
postgresql postgresql 7.4.22
postgresql postgresql 7.4.11
postgresql postgresql 7.4.23
postgresql postgresql 7.4.16
postgresql postgresql 7.4.20
postgresql postgresql 7.4.4
postgresql postgresql 7.4.7
postgresql postgresql 7.4.1
postgresql postgresql 7.4.10
postgresql postgresql 7.4.15
postgresql postgresql 7.4.19
postgresql postgresql 7.4.27
postgresql postgresql 7.4.3
postgresql postgresql 7.4.9
postgresql postgresql 7.4.8
postgresql postgresql 7.4.12
postgresql postgresql 7.4.25
postgresql postgresql 7.4.17
postgresql postgresql 7.4.21
postgresql postgresql 7.4.2
postgresql postgresql 7.4.5
postgresql postgresql 7.4.18
postgresql postgresql 7.4
postgresql postgresql 7.4.13
postgresql postgresql 7.4.14
postgresql postgresql 7.4.26
postgresql postgresql 7.4.28
postgresql postgresql 8.0.20
postgresql postgresql 8.0.0
postgresql postgresql 8.0.13
postgresql postgresql 8.0.4
postgresql postgresql 8.0.3
postgresql postgresql 8.0.21
postgresql postgresql 8.0.7
postgresql postgresql 8.0.11
postgresql postgresql 8.0.2
postgresql postgresql 8.0.23
postgresql postgresql 8.0.12
postgresql postgresql 8.0.15
postgresql postgresql 8.0.9
postgresql postgresql 8.0.24
postgresql postgresql 8.0
postgresql postgresql 8.0.10
postgresql postgresql 8.0.16
postgresql postgresql 8.0.17
postgresql postgresql 8.0.8
postgresql postgresql 8.0.5
postgresql postgresql 8.0.1
postgresql postgresql 8.0.14
postgresql postgresql 8.0.18
postgresql postgresql 8.0.19
postgresql postgresql 8.0.6
postgresql postgresql 8.0.22
postgresql postgresql 8.1.19
postgresql postgresql 8.1.1
postgresql postgresql 8.1.12
postgresql postgresql 8.1.10
postgresql postgresql 8.1.5
postgresql postgresql 8.1.4
postgresql postgresql 8.1
postgresql postgresql 8.1.15
postgresql postgresql 8.1.14
postgresql postgresql 8.1.8
postgresql postgresql 8.1.9
postgresql postgresql 8.1.6
postgresql postgresql 8.1.20
postgresql postgresql 8.1.0
postgresql postgresql 8.1.13
postgresql postgresql 8.1.11
postgresql postgresql 8.1.3
postgresql postgresql 8.1.2
postgresql postgresql 8.1.17
postgresql postgresql 8.1.18
postgresql postgresql 8.1.16
postgresql postgresql 8.1.7
postgresql postgresql 8.2.12
postgresql postgresql 8.2.3
postgresql postgresql 8.2.13
postgresql postgresql 8.2.10
postgresql postgresql 8.2.9
postgresql postgresql 8.2.8
postgresql postgresql 8.2
postgresql postgresql 8.2.1
postgresql postgresql 8.2.2
postgresql postgresql 8.2.7
postgresql postgresql 8.2.4
postgresql postgresql 8.2.16
postgresql postgresql 8.2.6
postgresql postgresql 8.2.11
postgresql postgresql 8.2.5
postgresql postgresql 8.2.15
postgresql postgresql 8.2.14
postgresql postgresql 8.3.7
postgresql postgresql 8.3
postgresql postgresql 8.3.10
postgresql postgresql 8.3.4
postgresql postgresql 8.3.3
postgresql postgresql 8.3.6
postgresql postgresql 8.3.5
postgresql postgresql 8.3.9
postgresql postgresql 8.3.8
postgresql postgresql 8.3.2
postgresql postgresql 8.3.1
postgresql postgresql 8.4.2
postgresql postgresql 8.4.3
postgresql postgresql 8.4.1
postgresql postgresql 8.4
postgresql postgresql 9.0.0

Debian Bug report logs - #582978 perl: safepm code injection vulnerability Package: perl; Maintainer for perl is Niko Tyni <ntyni@debianorg>; Source for perl is src:perl (PTS, buildd, popcon) Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Tue, 25 May 2010 04:39:02 UTC Severity: serious Tags: secu ...

An attacker could send crafted input to Perl and bypass intended restrictions ...

CWE-264 https://bugs.launchpad.net/bugs/cve/2010-1447 http://www.vupen.com/english/advisories/2010/1167 http://secunia.com/advisories/39845 http://www.postgresql.org/about/news.1203 http://security-tracker.debian.org/tracker/CVE-2010-1447 https://bugzilla.redhat.com/show_bug.cgi?id=588269 http://www.securitytracker.com/id?1023988 http://osvdb.org/64756 http://www.securityfocus.com/bid/40305 http://secunia.com/advisories/40052 http://www.redhat.com/support/errata/RHSA-2010-0458.html http://www.openwall.com/lists/oss-security/2010/05/20/5 http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 http://www.redhat.com/support/errata/RHSA-2010-0457.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 http://secunia.com/advisories/40049 http://www.debian.org/security/2011/dsa-2267 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582978 https://usn.ubuntu.com/1129-1/https://nvd.nist.gov

Get Started

CVE-2010-1447

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect