Privilege Escalation Vulnerability in Perl 5.x Products by Perl Developer
CVE-2016-1238

7.8HIGH

Key Information:

Vendor

Debian
Status
Debian Linux
Fedora
Vendor
CVE Published:
2 August 2016

What is CVE-2016-1238?

The vulnerability in Perl 5.x allows local users to exploit improper handling of period characters in the includes directory array. This flaw can enable them to gain unauthorized privileges by using Trojan horse modules located in the current working directory, thereby compromising system integrity and security.

References

https://security.gentoo.org/glsa/201701-75
vendor-advisoryx_refsource_GENTOO
https://security.gentoo.org/glsa/201812-07
vendor-advisoryx_refsource_GENTOO
http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.