CVE-2015-3409 — Improper Input Validation in Libmodule-signature-perl

CWE-20 — Improper Input Validation CWE-77 — Command Injection8 documents7 sources

Severity

7.2HIGHNVD

OSV7.5

EPSS

0.1%

top 82.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libmodule-signature-perl Module-signature Project Module-signature Canonical Ubuntu Linux

Timeline

PublishedMay 19

Latest updateMay 17

Description

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/libmodule-signature-perl< libmodule-signature-perl 0.78-1 (bookworm)

▶NVDmodule-signature_project/module-signature0.74

Also affects: Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

GHSA

GHSA-43mv-gcv3-rmpw: Untrusted search path vulnerability in Module::Signature before 0↗2022-05-17

▶

OSV

CVE-2015-3409: Untrusted search path vulnerability in Module::Signature before 0↗2015-05-19

▶

OSV

libmodule-signature-perl vulnerabilities↗2015-05-12

▶

📋Vendor Advisories

Ubuntu

Module::Signature vulnerabilities↗2015-05-12

▶

Red Hat

perl-Module-Signature: arbitrary modules loading in some circumstances↗2015-04-05

▶

Debian

CVE-2015-3409: libmodule-signature-perl - Untrusted search path vulnerability in Module::Signature before 0.75 allows loca...↗2015

▶

💬Community

Bugzilla

CVE-2015-3409 perl-Module-Signature: arbitrary modules loading in some circumstances↗2015-04-08

▶