CVE-2015-3407Improper Access Control in Libmodule-signature-perl

CWE-284Improper Access ControlCWE-20Improper Input Validation8 documents7 sources
Severity
5.0MEDIUMNVD
OSV7.5
EPSS
0.4%
top 41.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Libmodule-signature-perlModule-signature Project Module-signatureCanonical Ubuntu Linux
Timeline
PublishedMay 19
Latest updateMay 17

Description

Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

debiandebian/libmodule-signature-perl< libmodule-signature-perl 0.78-1 (bookworm)

Also affects: Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

3
GHSA
GHSA-2qpg-g63h-ghqr: Module::Signature before 02022-05-17
OSV
CVE-2015-3407: Module::Signature before 02015-05-19
OSV
libmodule-signature-perl vulnerabilities2015-05-12

📋Vendor Advisories

3
Ubuntu
Module::Signature vulnerabilities2015-05-12
Red Hat
perl-Module-Signature: arbitrary code execution during test phase2015-04-05
Debian
CVE-2015-3407: libmodule-signature-perl - Module::Signature before 0.74 allows remote attackers to bypass signature verifi...2015

💬Community

1
Bugzilla
CVE-2015-3407 perl-Module-Signature: arbitrary code execution during test phase2015-04-08
CVE-2015-3407 — Improper Access Control | cvebase