[VulnWatch] Perl Safe.pm compartment reuse vuln
From: Rain Forest Puppy (rfp@vulnwatch.org)Date: 11/06/02
- Previous message: NGSSoftware Insight Security Research: "[VulnWatch] Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 6 Nov 2002 05:59:18 +0000 (GMT) From: Rain Forest Puppy <rfp@vulnwatch.org> To: <vulnwatch@vulnwatch.org>
A bug was found in Perl's Safe.pm module:
http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
Basically, code in the sandbox can modify the execution/operation mask via
@_; if the compartment was ever reused, the second time around it might
use the modified execution mask.
Perl <= 5.8.0 are vuln.
- rfp
- Previous message: NGSSoftware Insight Security Research: "[VulnWatch] Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
