Security Vulnerabilities in "Safe.pm" and "CGI.pm" Perl Modules



Category: Security
Release Phase: Resolved
Product: Solaris 9 Operating System, Solaris 8 Operating System
Bug Id: 4951799, 6338552
Date of Workaround Release: 23-JAN-2004
Date of Resolved Release: 21-MAR-2006


Impact

Security vulnerabilities in the "Safe.pm" and "CGI.pm" Perl modules have the following impact:

1. The "Safe.pm" Perl module contains a security vulnerability which may allow a local or remote unprivileged user to bypass compartment access controls if a Perl application utilizes the "Safe.pm" Perl module.

2. The "CGI.pm" Perl module contains a cross site scripting security vulnerability, see the following URLs for details about cross site scripting and web script vulnerabilities:

Due to this "CGI.pm" cross site scripting vulnerability, users may unintentionally execute scripts written by a remote unprivileged user in their browser if they follow untrusted links/URIs in web pages, mail messages, or newsgroup postings. By following these untrusted links/URIs, the remote attacker may be able to execute commands with the privileges of the user who accessed the link/URI.
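The developer-side mitigation for this class of bug is to escape every request-supplied value before it is written into an HTML response. The script below is an added example, not code from the Sun Alert or from CGI.pm, and it assumes a CGI.pm installation (CGI.pm is no longer part of the Perl core, so it may need to be installed separately). It renders the same constructed query parameter twice: once unescaped, which lets the browser treat the value as markup, and once through CGI.pm's escapeHTML method, which turns the markup characters into entities so the browser shows them as text.

```perl
#!/usr/bin/perl
# Added example (not from the Sun Alert or from CGI.pm): reflecting a query
# parameter into a page without escaping versus with CGI's escapeHTML().
use strict;
use warnings;
use CGI;

# Constructed request for an offline run; a real CGI script would call
# CGI->new with no argument so the parameters come from the live request.
my $q = CGI->new('name=%3Cscript%3E');   # decodes to "<script>"
my $name = $q->param('name');

# Unsafe: whatever the requester put in the URL is handed to the browser
# as markup, so a crafted link can inject script into the response.
sub render_unsafe {
    my ($value) = @_;
    return "<p>Hello, $value</p>";
}

# Safe: escapeHTML replaces the characters that open markup (<, >, &, ")
# with entities, so the browser displays the text instead of parsing it.
sub render_safe {
    my ($cgi, $value) = @_;
    return '<p>Hello, ' . $cgi->escapeHTML($value) . '</p>';
}

print $q->header('text/html');
print render_unsafe($name), "\n";
print render_safe($q, $name), "\n";
```

Escaping at the point of output is independent of which CGI.pm version is installed; the patches listed under Resolution fix the module's own unescaped output, but application code that builds HTML from request data still has to escape it.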

These issues are described here:


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

x86 Platform

Note: Solaris 10 is not impacted by this issue.

These issues can occur on systems with Perl module Safe.pm version 2.0.7 or earlier, or Perl module CGI.pm version 2.94 or earlier. The CGI.pm and Safe.pm Perl modules are both included with the Solaris Perl distribution.

To determine the version of the Safe.pm or the CGI.pm Perl modules, the following commands can be run:

    $ grep VERSION `nawk '/Safe.pm/ {print $1}' /var/sadm/install/contents`
    $ grep VERSION `nawk '/CGI.pm/ {print $1}' /var/sadm/install/contents`
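The grep commands above report the version strings recorded in the installed package files. The script below is an added example, not part of the Sun Alert, that asks each module itself for its version and flags anything at or below the ceilings the alert gives. It assumes that Safe.pm reports its version as a plain decimal (the alert's "2.0.7" is taken to be 2.07), and it must be run once under every Perl interpreter on the host, since the Solaris 9 5.005_03 and 5.6.1 installs each carry their own copy of the modules.

```perl
#!/usr/bin/perl
# Added example (not from the Sun Alert): report the installed Safe.pm and
# CGI.pm versions and flag those within the advisory's vulnerable range.
use strict;
use warnings;

# Ceilings taken from the advisory. Safe.pm stores $VERSION as a decimal
# such as 2.07, which is assumed here to be what the alert writes as 2.0.7.
my %max_vulnerable = (
    'Safe' => 2.07,
    'CGI'  => 2.94,
);

# Load a module by name and return its $VERSION, or undef if it is absent.
sub installed_version {
    my ($module) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    eval { require $file; 1 } or return undef;
    no strict 'refs';
    return ${"${module}::VERSION"};
}

# Decide whether a reported version is within the vulnerable range.
sub is_vulnerable {
    my ($module, $version) = @_;
    return 0 unless defined $version;
    # Drop a leading "v" and any non-numeric suffix (e.g. "2.07_01")
    # so the remaining text compares as a number.
    (my $num = $version) =~ s/^v//;
    $num =~ s/[^0-9.].*//;
    return 0 if $num eq '';
    no warnings 'numeric';
    return $num <= $max_vulnerable{$module} ? 1 : 0;
}

for my $module (sort keys %max_vulnerable) {
    my $version = installed_version($module);
    if (!defined $version) {
        printf "%-5s not installed under %s\n", $module, $^X;
        next;
    }
    my $path   = $INC{"$module.pm"};
    my $status = is_vulnerable($module, $version)
               ? "VULNERABLE (<= $max_vulnerable{$module})"
               : "ok";
    printf "%-5s %-8s %s  %s\n", $module, $version, $path, $status;
}
```

The path printed for each module comes from %INC, so the output also shows which copy of the module a given interpreter actually loads, which is the copy the corresponding patch has to update.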

Symptoms

There are no predictable symptoms that would show that the described issue has occurred.


Workaround

Customers should review the above CERT documents in addition to the following URL for information on how to mitigate the risks of these issues including details on hardening web servers, modifying web browsers to disable scripting languages, and advice for developers. See the practices numbered 18-22 at the following URL:


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 122091-01 or later
  • Solaris 9 (perl v5.005_03) with patch 121996-01 or later
  • Solaris 9 (perl v5.6.1) with patch 119449-01 or later

x86 Platform

  • Solaris 8 with patch 122092-01 or later
  • Solaris 9 (perl v5.005_03) with patch 121997-02 or later
  • Solaris 9 (perl v5.6.1) with patch 119450-01 or later



Modification History


Date: 21-JUN-2005
  • State: Resolved
  • Updated Contributing Factors and Relief/Workaround sections

Date: 21-SEP-2005
  • State is not Resolved.
  • Updated Contributing Factors and Resolution sections

Date: 02-FEB-2006
  • Updated BugID field
  • Updated Contributing Factors and Relief/Workaround sections

Date: 13-FEB-2006
  • Updated Contributing Factors, Relief/Workaround, and Resolution sections

Date: 09-MAR-2006
  • Updated Contributing Factors, and Resolution sections

Date: 21-MAR-2006
  • State: Resolved
  • Updated Contributing Factors and Resolution sections



Attachments
This solution has no attachment

Article Details
Article ID : 200205
Article Type : Sun Alert
Last reviewed : 2006-05-22
Audience : PUBLIC