CVE-2013-2145

Exploit

EPSS 0.2%
Published 19.08.2013 23:55:08
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.04

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.2

Opensuse ≫ Opensuse Version12.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.388

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-updates/2013-07/msg00039.html

http://lists.opensuse.org/opensuse-updates/2013-07/msg00043.html

http://www.openwall.com/lists/oss-security/2013/06/05/16

http://www.securityfocus.com/bid/60352

http://www.ubuntu.com/usn/USN-1896-1

https://bugzilla.redhat.com/show_bug.cgi?id=971096

https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2

Patch

Exploit

https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896

Patch

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2013-2145

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2145

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2145

EUVD