Debian Libmodule-Signature-Perl vulnerabilities

5 known vulnerabilities affecting debian/libmodule-signature-perl.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2015-3408CRITICALCVSS 10.0fixed in libmodule-signature-perl 0.78-1 (bookworm)2015

CVE-2015-3408 [CRITICAL] CVE-2015-3408: libmodule-signature-perl - Module::Signature before 0.74 allows remote attackers to execute arbitrary shell... Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. Scope: local bookworm: resolved (fixed in 0.78-1) bullseye: resolved (fixed in 0.78-1) forky: resolved (fixed in 0.78-1) sid: resolved (fixed in 0.78-

CVE-2015-3406HIGHCVSS 7.5fixed in libmodule-signature-perl 0.78-1 (bookworm)2015

CVE-2015-3406 [HIGH] CVE-2015-3406: libmodule-signature-perl - The PGP signature parsing in Module::Signature before 0.74 allows remote attacke... The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. Scope: local bookworm: resolved (fixed in 0.78-1) bullseye: resolved (fixed in 0.78-1) forky: resolved (fixed in 0.78-1) sid: resolved (fixed in 0.78-1) trixie

CVE-2015-3409HIGHCVSS 7.2fixed in libmodule-signature-perl 0.78-1 (bookworm)2015

CVE-2015-3409 [HIGH] CVE-2015-3409: libmodule-signature-perl - Untrusted search path vulnerability in Module::Signature before 0.75 allows loca... Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. Scope: local bookworm: resolved (fixed in 0.78-1) bullseye: resolved (fixed in 0.78-1) forky: resolved (fixed in 0.78-1) sid: reso

CVE-2015-3407MEDIUMCVSS 5.0fixed in libmodule-signature-perl 0.78-1 (bookworm)2015

CVE-2015-3407 [MEDIUM] CVE-2015-3407: libmodule-signature-perl - Module::Signature before 0.74 allows remote attackers to bypass signature verifi... Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. Scope: local bookworm: resolved (fixed in 0.78-1) bullseye: resolved (fixed in 0.78-1) forky: resolved (fixed in 0.78-1) sid: resolved (fixed in 0.78-1) trixie: resolved (fixed in 0.78-1)

CVE-2013-2145MEDIUMCVSS 4.4fixed in libmodule-signature-perl 0.73-1 (bookworm)2013

CVE-2013-2145 [MEDIUM] CVE-2013-2145: libmodule-signature-perl - The cpansign verify functionality in the Module::Signature module before 0.72 fo... The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/. Scope: local bookworm: resolved (fixed in 0.73-1) bullseye: resolved (fixed in 0.73-1) fo