CVE-2015-3408: Command Injection in Libmodule-signature-perl

CWE-77: Command Injection | 9 documents | 7 sources
Severity
10.0 CRITICAL (NVD)
OSV: 7.5
EPSS
3.9%
top 11.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 19
Latest update: May 17

Description

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

debian | debian/libmodule-signature-perl | < libmodule-signature-perl 0.78-1 (bookworm)

Also affects: Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

3 entries
GHSA | GHSA-c37j-xf8x-83gh: Module::Signature before 0 | 2022-05-17
OSV | CVE-2015-3408: Module::Signature before 0 | 2015-05-19
OSV | libmodule-signature-perl vulnerabilities | 2015-05-12

📋Vendor Advisories

3 entries
Ubuntu | Module::Signature vulnerabilities | 2015-05-12
Red Hat | perl-Module-Signature: arbitrary code execution when verifying module signatures | 2015-04-05
Debian | CVE-2015-3408: libmodule-signature-perl - Module::Signature before 0.74 allows remote attackers to execute arbitrary shell... | 2015

💬Community

2 entries
Bugzilla | CVE-2015-8313 gnutls: First byte of the padding in CBC mode is not checked | 2015-12-02
Bugzilla | CVE-2015-3408 perl-Module-Signature: arbitrary code execution when verifying module signatures | 2015-04-08