Showing 1 - 4 of 4

CVE-2016-2381

Status Candidate

Overview

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

Gentoo Linux Security Advisory 201701-75: Posted Jan 30, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201701-75 - Multiple vulnerabilities have been found in Perl, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 5.22.3_rc4 are affected.; tags | advisory, remote, arbitrary, perl, vulnerability; systems | linux, gentoo; advisories | CVE-2015-8607, CVE-2015-8853, CVE-2016-1238, CVE-2016-2381, CVE-2016-6185; SHA-256 | cdd279034985732a13fb92530da2b6d854d1f02cd93718b3a52824aa2a52f265; Download | Favorite | View

HP Security Bulletin HPSBNS03635 1: Posted Aug 22, 2016; Authored by HP | Site hp.com; HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.; tags | advisory, remote, local, trojan, perl, php, vulnerability; advisories | CVE-2013-7456, CVE-2014-4330, CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394, CVE-2015-8607, CVE-2015-8853, CVE-2015-8865, CVE-2015-8874, CVE-2016-1238, CVE-2016-1903, CVE-2016-2381, CVE-2016-2554, CVE-2016-3074, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539; SHA-256 | d61092f8531c4cfe3e647e6a78dff740f1529c96097e41b94e0050770ca40436; Download | Favorite | View

Ubuntu Security Notice USN-2916-1: Posted Mar 3, 2016; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2916-1 - It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An attacker could use this issue to cause Perl to consume memory and crash, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, arbitrary, perl; systems | linux, ubuntu; advisories | CVE-2013-7422, CVE-2014-4330, CVE-2016-2381; SHA-256 | 11e056de6dfb046779b736f70aa61c3166ddef3f52a845f803b60553b0168d67; Download | Favorite | View

Debian Security Advisory 3501-1: Posted Mar 2, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3501-1 - Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint security mechanism would be applied to the value in %ENV, but not to the other rest of the environment. This could result in an ambiguous environment causing environment variables to be propagated to subprocesses, despite the protections supposedly offered by taint checking.; tags | advisory, perl; systems | linux, debian; advisories | CVE-2016-2381; SHA-256 | 0175db23b2e5d2977586b5d7e9b15cec7d810fb7dd51a574de92d242a41c5aa4; Download | Favorite | View

Page 1 of 1 Back 1 Next