Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-1238

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

Published

2016-08-02T14:59:00.130

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	debian	debian_linux	8.0	Yes
Operating System	fedoraproject	fedora	23	Yes
Operating System	fedoraproject	fedora	24	Yes
Application	perl	perl	1.0.15	Yes
Application	perl	perl	1.0.16	Yes
Application	perl	perl	5.000	Yes
Application	perl	perl	5.000o	Yes
Application	perl	perl	5.001	Yes
Application	perl	perl	5.001n	Yes
Application	perl	perl	5.002	Yes
Application	perl	perl	5.002_01	Yes
Application	perl	perl	5.003	Yes
Application	perl	perl	5.003_01	Yes
Application	perl	perl	5.003_02	Yes
Application	perl	perl	5.003_03	Yes
Application	perl	perl	5.003_04	Yes
Application	perl	perl	5.003_05	Yes
Application	perl	perl	5.003_07	Yes
Application	perl	perl	5.003_08	Yes
Application	perl	perl	5.003_09	Yes
Application	perl	perl	5.003_10	Yes
Application	perl	perl	5.003_11	Yes
Application	perl	perl	5.003_12	Yes
Application	perl	perl	5.003_13	Yes
Application	perl	perl	5.003_14	Yes
Application	perl	perl	5.003_15	Yes
Application	perl	perl	5.003_16	Yes
Application	perl	perl	5.003_17	Yes
Application	perl	perl	5.003_18	Yes
Application	perl	perl	5.003_19	Yes
Application	perl	perl	5.003_20	Yes
Application	perl	perl	5.003_21	Yes
Application	perl	perl	5.003_22	Yes
Application	perl	perl	5.003_23	Yes
Application	perl	perl	5.003_24	Yes
Application	perl	perl	5.003_25	Yes
Application	perl	perl	5.003_26	Yes
Application	perl	perl	5.003_27	Yes
Application	perl	perl	5.003_28	Yes
Application	perl	perl	5.003_90	Yes
Application	perl	perl	5.003_91	Yes
Application	perl	perl	5.003_92	Yes
Application	perl	perl	5.003_93	Yes
Application	perl	perl	5.003_94	Yes
Application	perl	perl	5.003_95	Yes
Application	perl	perl	5.003_96	Yes
Application	perl	perl	5.003_97	Yes
Application	perl	perl	5.003_97a	Yes
Application	perl	perl	5.003_97b	Yes
Application	perl	perl	5.003_97c	Yes
Application	perl	perl	5.003_97d	Yes
Application	perl	perl	5.003_97e	Yes
Application	perl	perl	5.003_97f	Yes
Application	perl	perl	5.003_97g	Yes
Application	perl	perl	5.003_97h	Yes
Application	perl	perl	5.003_97i	Yes
Application	perl	perl	5.003_97j	Yes
Application	perl	perl	5.003_98	Yes
Application	perl	perl	5.003_99	Yes
Application	perl	perl	5.003_99a	Yes
Application	perl	perl	5.004	Yes
Application	perl	perl	5.004_01	Yes
Application	perl	perl	5.004_02	Yes
Application	perl	perl	5.004_03	Yes
Application	perl	perl	5.004_04	Yes
Application	perl	perl	5.004_05	Yes
Application	perl	perl	5.005	Yes
Application	perl	perl	5.005_01	Yes
Application	perl	perl	5.005_02	Yes
Application	perl	perl	5.005_03	Yes
Application	perl	perl	5.005_04	Yes
Application	perl	perl	5.6	Yes
Application	perl	perl	5.6.0	Yes
Application	perl	perl	5.6.1	Yes
Application	perl	perl	5.6.2	Yes
Application	perl	perl	5.7.3	Yes
Application	perl	perl	5.8	Yes
Application	perl	perl	5.8.0	Yes
Application	perl	perl	5.8.1	Yes
Application	perl	perl	5.8.2	Yes
Application	perl	perl	5.8.3	Yes
Application	perl	perl	5.8.4	Yes
Application	perl	perl	5.8.5	Yes
Application	perl	perl	5.8.6	Yes
Application	perl	perl	5.8.7	Yes
Application	perl	perl	5.8.8	Yes
Application	perl	perl	5.8.9	Yes
Application	perl	perl	5.8.9	Yes
Application	perl	perl	5.9.0	Yes
Application	perl	perl	5.9.1	Yes
Application	perl	perl	5.9.2	Yes
Application	perl	perl	5.9.3	Yes
Application	perl	perl	5.9.4	Yes
Application	perl	perl	5.9.5	Yes
Application	perl	perl	5.10	Yes
Application	perl	perl	5.10.0	Yes
Application	perl	perl	5.10.1	Yes
Application	perl	perl	5.10.1	Yes
Application	perl	perl	5.10.1	Yes
Application	perl	perl	5.11.0	Yes
Application	perl	perl	5.11.1	Yes
Application	perl	perl	5.11.2	Yes
Application	perl	perl	5.11.3	Yes
Application	perl	perl	5.11.4	Yes
Application	perl	perl	5.11.5	Yes
Application	perl	perl	5.12.0	Yes
Application	perl	perl	5.12.0	Yes
Application	perl	perl	5.12.0	Yes
Application	perl	perl	5.12.0	Yes
Application	perl	perl	5.12.0	Yes
Application	perl	perl	5.12.0	Yes
Application	perl	perl	5.12.0	Yes
Application	perl	perl	5.12.1	Yes
Application	perl	perl	5.12.1	Yes
Application	perl	perl	5.12.1	Yes
Application	perl	perl	5.12.1	Yes
Application	perl	perl	5.12.2	Yes
Application	perl	perl	5.12.2	Yes
Application	perl	perl	5.12.3	Yes
Application	perl	perl	5.12.3	Yes
Application	perl	perl	5.12.3	Yes
Application	perl	perl	5.12.3	Yes
Application	perl	perl	5.12.4	Yes
Application	perl	perl	5.12.4	Yes
Application	perl	perl	5.12.4	Yes
Application	perl	perl	5.12.5	Yes
Application	perl	perl	5.12.5	Yes
Application	perl	perl	5.12.5	Yes
Application	perl	perl	5.13.0	Yes
Application	perl	perl	5.13.1	Yes
Application	perl	perl	5.13.2	Yes
Application	perl	perl	5.13.3	Yes
Application	perl	perl	5.13.4	Yes
Application	perl	perl	5.13.5	Yes
Application	perl	perl	5.13.6	Yes
Application	perl	perl	5.13.7	Yes
Application	perl	perl	5.13.8	Yes
Application	perl	perl	5.13.9	Yes
Application	perl	perl	5.13.10	Yes
Application	perl	perl	5.13.11	Yes
Application	perl	perl	5.14.0	Yes
Application	perl	perl	5.14.0	Yes
Application	perl	perl	5.14.0	Yes
Application	perl	perl	5.14.0	Yes
Application	perl	perl	5.14.1	Yes
Application	perl	perl	5.14.1	Yes
Application	perl	perl	5.14.2	Yes
Application	perl	perl	5.14.2	Yes
Application	perl	perl	5.14.3	Yes
Application	perl	perl	5.14.3	Yes
Application	perl	perl	5.14.3	Yes
Application	perl	perl	5.14.4	Yes
Application	perl	perl	5.14.4	Yes
Application	perl	perl	5.14.4	Yes
Application	perl	perl	5.15.0	Yes
Application	perl	perl	5.15.1	Yes
Application	perl	perl	5.15.2	Yes
Application	perl	perl	5.15.3	Yes
Application	perl	perl	5.15.4	Yes
Application	perl	perl	5.15.5	Yes
Application	perl	perl	5.15.6	Yes
Application	perl	perl	5.15.7	Yes
Application	perl	perl	5.15.8	Yes
Application	perl	perl	5.15.9	Yes
Application	perl	perl	5.16.0	Yes
Application	perl	perl	5.16.0	Yes
Application	perl	perl	5.16.0	Yes
Application	perl	perl	5.16.1	Yes
Application	perl	perl	5.16.2	Yes
Application	perl	perl	5.16.3	Yes
Application	perl	perl	5.16.3	Yes
Application	perl	perl	5.17.0	Yes
Application	perl	perl	5.17.1	Yes
Application	perl	perl	5.17.2	Yes
Application	perl	perl	5.17.3	Yes
Application	perl	perl	5.17.4	Yes
Application	perl	perl	5.17.5	Yes
Application	perl	perl	5.17.6	Yes
Application	perl	perl	5.17.7	Yes
Application	perl	perl	5.17.7.0	Yes
Application	perl	perl	5.17.8	Yes
Application	perl	perl	5.17.9	Yes
Application	perl	perl	5.17.10	Yes
Application	perl	perl	5.17.11	Yes
Application	perl	perl	5.18.0	Yes
Application	perl	perl	5.18.0	Yes
Application	perl	perl	5.18.0	Yes
Application	perl	perl	5.18.0	Yes
Application	perl	perl	5.18.0	Yes
Application	perl	perl	5.18.1	Yes
Application	perl	perl	5.18.2	Yes
Application	perl	perl	5.18.2	Yes
Application	perl	perl	5.18.2	Yes
Application	perl	perl	5.18.2	Yes
Application	perl	perl	5.18.2	Yes
Application	perl	perl	5.18.3	Yes
Application	perl	perl	5.18.3	Yes
Application	perl	perl	5.18.3	Yes
Application	perl	perl	5.18.4	Yes
Application	perl	perl	5.19.0	Yes
Application	perl	perl	5.19.1	Yes
Application	perl	perl	5.19.2	Yes
Application	perl	perl	5.19.3	Yes
Application	perl	perl	5.19.4	Yes
Application	perl	perl	5.19.5	Yes
Application	perl	perl	5.19.6	Yes
Application	perl	perl	5.19.7	Yes
Application	perl	perl	5.19.8	Yes
Application	perl	perl	5.19.9	Yes
Application	perl	perl	5.19.10	Yes
Application	perl	perl	5.19.11	Yes
Application	perl	perl	5.20.0	Yes
Application	perl	perl	5.20.0	Yes
Application	perl	perl	5.20.1	Yes
Application	perl	perl	5.20.1	Yes
Application	perl	perl	5.20.1	Yes
Application	perl	perl	5.20.2	Yes
Application	perl	perl	5.20.2	Yes
Application	perl	perl	5.20.3	Yes
Application	perl	perl	5.20.3	Yes
Application	perl	perl	5.20.3	Yes
Application	perl	perl	5.21.0	Yes
Application	perl	perl	5.21.1	Yes
Application	perl	perl	5.21.2	Yes
Application	perl	perl	5.21.3	Yes
Application	perl	perl	5.21.4	Yes
Application	perl	perl	5.21.5	Yes
Application	perl	perl	5.21.6	Yes
Application	perl	perl	5.21.7	Yes
Application	perl	perl	5.21.8	Yes
Application	perl	perl	5.21.9	Yes
Application	perl	perl	5.21.10	Yes
Application	perl	perl	5.21.11	Yes
Application	perl	perl	5.22.0	Yes
Application	perl	perl	5.22.0	Yes
Application	perl	perl	5.22.0	Yes
Application	perl	perl	5.22.1	Yes
Application	perl	perl	5.22.1	Yes
Application	perl	perl	5.22.1	Yes
Application	perl	perl	5.22.1	Yes
Application	perl	perl	5.22.1	Yes
Application	perl	perl	5.22.2	Yes
Application	perl	perl	5.22.2	Yes
Application	perl	perl	5.22.3	Yes
Application	perl	perl	5.24.0	Yes
Application	perl	perl	5.24.0	Yes
Application	perl	perl	5.24.0	Yes
Application	perl	perl	5.24.0	Yes
Application	perl	perl	5.24.0	Yes
Application	perl	perl	5.24.0	Yes
Application	perl	perl	5.24.1	Yes
Operating System	opensuse	leap	15.0	Yes
Application	apache	spamassassin	< 3.4.2	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html Third Party Advisory ([email protected])
http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab Issue Tracking ([email protected])
http://www.debian.org/security/2016/dsa-3628 Third Party Advisory ([email protected])
http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/92136 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1036440 Third Party Advisory, VDB Entry ([email protected])
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E ([email protected])
https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/ ([email protected])
https://rt.perl.org/Public/Bug/Display.html?id=127834 Permissions Required ([email protected])
https://security.gentoo.org/glsa/201701-75 Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201812-07 Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3628 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92136 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036440 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/ (af854a3a-2127-422b-91ae-364da2661108)
https://rt.perl.org/Public/Bug/Display.html?id=127834 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-75 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201812-07 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)