Module-Signature Project Module-Signature vulnerabilities

CVE-2015-3406 [HIGH] CWE-681 CVE-2015-3406: The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsi The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.

CVE-2015-3408 [CRITICAL] CWE-77 CVE-2015-3408: Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a craf Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

CVE-2015-3409 [HIGH] CVE-2015-3409: Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain priv Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

CVE-2015-3407 [MEDIUM] CWE-284 CVE-2015-3407: Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.