National Cyber Awareness System

Vulnerability Summary for CVE-2010-1447

Overview

The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2010-1167

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2010/1167

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=588269

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=588269

External Source: CONFIRM

Name: https://bugs.launchpad.net/bugs/cve/2010-1447

Hyperlink:https://bugs.launchpad.net/bugs/cve/2010-1447

External Source: SECTRACK

Name: 1023988

Hyperlink:http://www.securitytracker.com/id?1023988

External Source: BID

Name: 40305

Hyperlink:http://www.securityfocus.com/bid/40305

External Source: REDHAT

Name: RHSA-2010:0458

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0458.html

External Source: REDHAT

Name: RHSA-2010:0457

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0457.html

External Source: CONFIRM

Name: http://www.postgresql.org/about/news.1203

Hyperlink:http://www.postgresql.org/about/news.1203

External Source: MLIST

Name: [oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request

Hyperlink:http://www.openwall.com/lists/oss-security/2010/05/20/5

External Source: MANDRIVA

Name: MDVSA-2010:116

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:116

External Source: MANDRIVA

Name: MDVSA-2010:115

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:115

External Source: DEBIAN

Name: DSA-2267

Hyperlink:http://www.debian.org/security/2011/dsa-2267

External Source: CONFIRM

Name: http://security-tracker.debian.org/tracker/CVE-2010-1447

Hyperlink:http://security-tracker.debian.org/tracker/CVE-2010-1447

External Source: SECUNIA

Name: 40052

Hyperlink:http://secunia.com/advisories/40052

External Source: SECUNIA

Name: 40049

Hyperlink:http://secunia.com/advisories/40049

External Source: SECUNIA

Name: 39845

Type: Advisory

Hyperlink:http://secunia.com/advisories/39845

External Source: OVAL

Name: oval:org.mitre.oval:def:7320

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7320

External Source: OVAL

Name: oval:org.mitre.oval:def:11530

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11530

External Source: OSVDB

Name: 64756

Hyperlink:http://osvdb.org/64756

References to Check Content

Identifier:oval:org.mitre.oval:def:11530

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11530

Identifier:oval:org.mitre.oval:def:7320

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7320