7.8

CVE-2016-6185

Exploit
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PerlPerl Version >= 5.23.0 < 5.24.1
PerlPerl Version >= 5.25.0 < 5.25.3
FedoraprojectFedora Version22
FedoraprojectFedora Version23
FedoraprojectFedora Version24
DebianDebian Linux Version8.0
OracleSolaris Version10
OracleSolaris Version11.3
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.516
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Third Party Advisory
https://security.gentoo.org/glsa/201701-75
Third Party Advisory
https://usn.ubuntu.com/3625-1/
Third Party Advisory
https://usn.ubuntu.com/3625-2/
Third Party Advisory
http://www.debian.org/security/2016/dsa-3628
Third Party Advisory
http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
Vendor Advisory
Issue Tracking
http://www.openwall.com/lists/oss-security/2016/07/07/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/07/08/5
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/91685
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036260
Third Party Advisory
VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/
https://rt.cpan.org/Public/Bug/Display.html?id=115808
Patch
Third Party Advisory
Exploit
Issue Tracking