From delmonta@sodans.usata.org  Sun Sep 28 07:19:13 2003
Return-Path: <delmonta@sodans.usata.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8B8D216A4B3
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 28 Sep 2003 07:19:13 -0700 (PDT)
Received: from sodans.usata.org (sodans.usata.org [61.211.239.46])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E936E44008
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 28 Sep 2003 07:19:12 -0700 (PDT)
	(envelope-from delmonta@sodans.usata.org)
Received: by sodans.usata.org (Postfix, from userid 1000)
	id BAAAAA97F; Sun, 28 Sep 2003 23:19:11 +0900 (JST)
Message-Id: <20030928141911.BAAAAA97F@sodans.usata.org>
Date: Sun, 28 Sep 2003 23:19:11 +0900 (JST)
From: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
Reply-To: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Safe.pm security hole in 4.x base system's perl
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         57315
>Category:       bin
>Synopsis:       Safe.pm security hole in 4.x base system's perl
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    perl
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 28 07:20:05 PDT 2003
>Closed-Date:    Mon Jun 28 16:27:34 CEST 2004
>Last-Modified:  Mon Jun 28 16:27:34 CEST 2004
>Originator:     IIJIMA Hiromitsu
>Release:        FreeBSD 4.7-RELEASE-p3 i386
>Organization:
DENNOU GEDOU GAKKAI, N. D. D. http://www.dennougedougakkai-ndd.org
>Environment:
System: FreeBSD sodans.usata.org 4.7-RELEASE-p3 FreeBSD 4.7-RELEASE-p3 #0: Wed Jan 22 14:50:19 JST 2003 root@www.my.domain:/usr/src/sys/compile/RENTALv6 i386

Userland is upgraded to -p16, while the kernel is still -p3.

>Description:
	Safe.pm in FreeBSD 4.x base system's perl 5.005_03 has security hole
	labelled as CAN-2002-1323.

	For more information, see the websites at:
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
	http://groups.google.com/groups?threadm=rt-17744-39131.3.96370682846239%40bugs6.perl.org

	[NOTE] ports/lang/perl5 (perl 5.6.1) and ports/lang/perl5.8 (perl 5.8.0)
	are not affected, since they have files/patch-Safe.pm in the ports.

	ports/japanese/perl5 (perl 5.005_03 plus Japanese patch) are affected
	just as 4.x base system's one, so I'll send another PR.

>How-To-Repeat:
	Try the exploit code at Google Groups archive.

>Fix:
	Apply ports/lang/perl5/patch-Safe.pm to base system's perl.
	It applies to perl 5.005_03 with no problem.

	ports/lang/perl5.8/patch-Safe.pm does not apply to perl 5.005_03,
	since it is an upgrade from Safe.pm 2.07 to 2.09 while perl 5.005_03
	has Safe.pm 2.06.
>Release-Note:
>Audit-Trail:

From: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/57315: Safe.pm security hole in 4.x base system's perl
Date: Sun, 28 Sep 2003 23:36:53 +0900

 Google's exploit code did not work on my perl 5.005_03, but the problem
 should still be in 5.005_03.

From: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/57315: Safe.pm security hole in 4.x base system's perl
Date: Sun, 28 Sep 2003 23:53:59 +0900

 I sent the same PR for ports/japanese/perl5.
 It was labelled as ports/57316 and assigned to the maintainer.
Responsible-Changed-From-To: freebsd-bugs->so 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Sun Sep 28 08:52:09 PDT 2003 
Responsible-Changed-Why:  
Assign to the security officer; if this is a real problem, it would be 
nice to have it resolved in 4.9-RELEASE. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57315 

From: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
To: freebsd-gnats-submit@FreeBSD.org
Cc: so@freebsd.org, shige@freebsd.org
Subject: Re: bin/57315: Safe.pm security hole in 4.x base system's perl
Date: Thu, 02 Oct 2003 06:32:21 +0900

 In ports/japanese/perl5, this problem was solved by applying ports/lang/perl5's patch.
 See PR ports/57316 and latest ports/japanese/perl5 CVS repository.
Responsible-Changed-From-To: so->freebsd-bugs 
Responsible-Changed-By: nectar 
Responsible-Changed-When: Mon Jan 12 11:19:45 PST 2004 
Responsible-Changed-Why:  
security-officer is not going to take any action on this issue, 
so unassign it so that some other interested party might pick 
it up (perhaps the Perl maintainer?). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57315 
Responsible-Changed-From-To: freebsd-bugs->perl 
Responsible-Changed-By: eik 
Responsible-Changed-When: Sat May 22 01:44:54 CEST 2004 
Responsible-Changed-Why:  
In the hope th perl people can give some feedback. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57315 
State-Changed-From-To: open->closed 
State-Changed-By: tobez 
State-Changed-When: Mon Jun 28 16:23:11 CEST 2004 
State-Changed-Why:  
This issue was patched in the base system perl in RELENG_4 branch on the 
same day lang/perl5 port was patched (21 April 2003).  RELENG_4_7 and 
RELENG_4_8 are still vulnerable.  Which gives? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57315 
>Unformatted:
