From owner-freebsd-bugs@FreeBSD.ORG Sun Sep 28 07:20:08 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 27C3A16A4B3 for ; Sun, 28 Sep 2003 07:20:08 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B040D44025 for ; Sun, 28 Sep 2003 07:20:06 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h8SEK6FY078390 for ; Sun, 28 Sep 2003 07:20:06 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h8SEK6A8078389; Sun, 28 Sep 2003 07:20:06 -0700 (PDT) (envelope-from gnats) Resent-Date: Sun, 28 Sep 2003 07:20:06 -0700 (PDT) Resent-Message-Id: <200309281420.h8SEK6A8078389@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, IIJIMA Hiromitsu Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8B8D216A4B3 for ; Sun, 28 Sep 2003 07:19:13 -0700 (PDT) Received: from sodans.usata.org (sodans.usata.org [61.211.239.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id E936E44008 for ; Sun, 28 Sep 2003 07:19:12 -0700 (PDT) (envelope-from delmonta@sodans.usata.org) Received: by sodans.usata.org (Postfix, from userid 1000) id BAAAAA97F; Sun, 28 Sep 2003 23:19:11 +0900 (JST) Message-Id: <20030928141911.BAAAAA97F@sodans.usata.org> Date: Sun, 28 Sep 2003 23:19:11 +0900 (JST) From: IIJIMA Hiromitsu To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/57315: Safe.pm security hole in 4.x base system's perl X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: IIJIMA Hiromitsu List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Sep 2003 14:20:08 -0000 >Number: 57315 >Category: bin >Synopsis: Safe.pm security hole in 4.x base system's perl >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Sep 28 07:20:05 PDT 2003 >Closed-Date: >Last-Modified: >Originator: IIJIMA Hiromitsu >Release: FreeBSD 4.7-RELEASE-p3 i386 >Organization: DENNOU GEDOU GAKKAI, N. D. D. http://www.dennougedougakkai-ndd.org >Environment: System: FreeBSD sodans.usata.org 4.7-RELEASE-p3 FreeBSD 4.7-RELEASE-p3 #0: Wed Jan 22 14:50:19 JST 2003 root@www.my.domain:/usr/src/sys/compile/RENTALv6 i386 Userland is upgraded to -p16, while the kernel is still -p3. >Description: Safe.pm in FreeBSD 4.x base system's perl 5.005_03 has security hole labelled as CAN-2002-1323. For more information, see the websites at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323 http://groups.google.com/groups?threadm=rt-17744-39131.3.96370682846239%40bugs6.perl.org [NOTE] ports/lang/perl5 (perl 5.6.1) and ports/lang/perl5.8 (perl 5.8.0) are not affected, since they have files/patch-Safe.pm in the ports. ports/japanese/perl5 (perl 5.005_03 plus Japanese patch) are affected just as 4.x base system's one, so I'll send another PR. >How-To-Repeat: Try the exploit code at Google Groups archive. >Fix: Apply ports/lang/perl5/patch-Safe.pm to base system's perl. It applies to perl 5.005_03 with no problem. ports/lang/perl5.8/patch-Safe.pm does not apply to perl 5.005_03, since it is an upgrade from Safe.pm 2.07 to 2.09 while perl 5.005_03 has Safe.pm 2.06. >Release-Note: >Audit-Trail: >Unformatted: