Note: This is an archival copy of Security Sun Alert 200205 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000156.1.
Article ID : 1000156.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-05-21
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities in "Safe.pm" and "CGI.pm" Perl Modules



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 8 Operating System

Bug Id
4951799, 6338552

Date of Workaround Release
23-JAN-2004

Date of Resolved Release
21-MAR-2006

Impact

Security vulnerabilities in "Safe.pm" and "CGI.pm" Perl modules may allow the following:

1. The "Safe.pm" Perl module contains a security vulnerability which may allow a local or remote unprivileged user to bypass compartment access controls if a Perl application utilizes the "Safe.pm" Perl module.

2. The "CGI.pm" Perl module contains a cross site scripting security vulnerability, see the following URLs for details about cross site scripting and web script vulnerabilities:

Due to this "CGI.pm" cross site scripting vulnerability users may unintentionally execute scripts in their browser written by a remote unprivileged user if they follow untrusted links/URIs in web pages, mail messages, or newsgroup postings. By following these untrusted links/URIs, the remote attacker may be able to execute commands with the privileges of the user who accessed the link/URI.

These issues are described here:


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 122091-01
  • Solaris 9 (perl v5.005_03) without patch 121996-01
  • Solaris 9 (perl v5.6.1) without patch 119449-01

x86 Platform

  • Solaris 8 without patch 122092-01
  • Solaris 9 (perl v5.005_03) without patch 121997-02
  • Solaris 9 (perl v5.6.1) without patch 119450-01

Note: Solaris 10 is not impacted by this issue.

These issues can occur on systems with Perl module Safe.pm version 2.0.7 or earlier or Perl module CGI.pm version 2.94 or earlier. The CGI.pm and Safe.pm Perl modules are both included with the Solaris Perl distribution.

To determine the version of the Safe.pm or the CGI.pm Perl modules, the following commands can be run:

$ grep VERSION `nawk '/Safe.pm/ {print $1}' /var/sadm/install/contents`
$ grep VERSION `nawk '/CGI.pm/ {print $1}' /var/sadm/install/contents`

Symptoms

There are no predictable symptoms that would show that the described issue has occurred.


Workaround

Customers should review the above CERT documents in addition to the following URL for information on how to mitigate the risks of these issues including details on hardening web servers, modifying web browsers to disable scripting languages, and advice for developers. See the practices numbered 18-22 at the following URL:


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 122091-01 or later
  • Solaris 9 (perl v5.005_03) with patch 121996-01 or later
  • Solaris 9 (perl v5.6.1) with patch 119449-01 or later

x86 Platform

  • Solaris 8 with patch 122092-01 or later
  • Solaris 9 (perl v5.005_03) with patch 121997-02 or later
  • Solaris 9 (perl v5.6.1) with patch 119450-01 or later


Modification History
Date: 21-JUN-2005

Change History

  • State: Resolved
  • Updated Contributing Factors and Relief/Workaround sections

Date: 21-SEP-2005
  • State is not Resolved.
  • Updated Contributing Factors and Resolution sections

Date: 02-FEB-2006
  • Updated BugID field
  • Updated Contributing Factors and Relief/Workaround sections

Date: 13-FEB-2006
  • Updated Contributing Factors, Relief/Workaround, and Resolution sections

Date: 09-MAR-2006
  • Updated Contributing Factors, and Resolution sections

Date: 21-MAR-2006
  • State: Resolved
  • Updated Contributing Factors and Resolution sections


References

119449-01
119450-01
122091-01
122092-01
121996-01
121997-02




Attachments
This solution has no attachment