Vigil@nce: Perl, bypassing Safe.pm via sub references
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use a reference to a subroutine in order to
bypass the restrictions imposed by the Safe.pm module of Perl.
– Severity: 2/4
– Creation date: 21/05/2010
DESCRIPTION OF THE VULNERABILITY
The Safe.pm module creates an environment that restricts the Perl
features available to the code it runs:
– Safe::reval("here a Perl code"): the given Perl code is restricted
– Safe::rdo("file"): the Perl code located inside the file is
restricted
However, malicious Perl code can define a reference to a
subroutine, which is then used after the restricted environment
has been left.
An attacker can therefore use a reference to a subroutine in
order to bypass the restrictions imposed by the Safe.pm module of Perl.
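The mitigation side of the issue described above, as an added example (not part of the Vigil@nce bulletin or of Safe.pm): a host-side guard that accepts only plain data from Safe::reval and never calls anything the compartment hands back. The helper names non_data_part and reval_data and the two sample snippets are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;
use Scalar::Util qw(blessed reftype refaddr);

# Return a description of the first part of $value that is not plain data
# (a sub reference, an object, a glob, ...), or undef if everything is data.
sub non_data_part {
    my ($value, $path, $seen) = @_;
    my $type = reftype($value);
    return unless defined $type;                          # plain scalar
    return "object at $path" if defined blessed($value);  # objects carry subs
    return if $seen->{ refaddr($value) }++;               # already visited
    my @kids;
    if    ($type eq 'ARRAY') { @kids = map { [ $value->[$_], $path . "[$_]" ] } 0 .. $#$value }
    elsif ($type eq 'HASH')  { @kids = map { [ $value->{$_}, $path . "{$_}" ] } sort keys %$value }
    elsif ($type eq 'SCALAR' || $type eq 'REF') { @kids = ([ $$value, '${' . $path . '}' ]) }
    else  { return "$type reference at $path" }           # CODE, GLOB, ...: refuse
    for my $kid (@kids) {
        my $hit = non_data_part(@$kid, $seen);
        return $hit if defined $hit;
    }
    return;
}

# Evaluate $code in the compartment and hand the result back only if it is
# plain data. Nothing returned by the compartment is ever called here.
sub reval_data {
    my ($cpt, $code) = @_;
    my $result = $cpt->reval($code);
    die "compartment error: $@" if $@;
    my $bad = non_data_part($result, 'result', {});
    die "refusing result: $bad\n" if defined $bad;
    return $result;
}

my $cpt = Safe->new;
# Constructed sample inputs standing in for untrusted code.
for my $code ('[ "report", [ 1, 2, 3 ] ]',
              '[ "report", { on_load => sub { 42 } } ]') {
    my $result = eval { reval_data($cpt, $code) };
    chomp(my $why = $@);
    print defined $result ? "accepted: $code\n" : "rejected: $code -> $why\n";
}
```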
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-bypassing-Safe-pm-via-sub-references-9658