John Lightsey

**Nome do software vulnerável e versões afetadas** Versões do módulo Parallel::ForkManager anteriores à 1.0.0 **Descrição** O problema está relacionado ao tratamento inadequado de arquivos temporários pelo módulo Parallel::ForkManager para Perl. **Recomendações** Para versões anteriores à 1.0.0, atualize para a versão 1.0.0 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** masqmail versions 0.2.21 through 0.2.30 **Description** The issue arises from improper calls to seteuid() in the src/log.c and src/masqmail.c files, leading to improper privilege dropping. **Recommendations** For masqmail versions 0.2.21 through 0.2.30, consider updating to a version where the seteuid() calls are properly handled to ensure correct privilege dropping.

**Name of the Vulnerable Software and Affected Versions** mod ruid2 versions prior to 0.9.8 **Description** The issue improperly handles file descriptors, allowing remote attackers to bypass security using a CGI script to break out of the chroot. **Recommendations** For mod ruid2 versions prior to 0.9.8, update to version 0.9.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Movable Type Pro and Advanced versions 6.0.0 through 6.1.3 Movable Type Pro and Advanced versions 6.2.0 through 6.2.6 Movable Type Open Source versions 5.2.13 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Movable Type Pro and Advanced versions 6.0.0 through 6.1.3, update to version 6.1.3 or later. For Movable Type Pro and Advanced versions 6.2.0 through 6.2.6, update to version 6.2.6 or later. For Movable Type Open Source versions 5.2.13 and earlier, update to a version later than 5.2.13.

**Name of the Vulnerable Software and Affected Versions** Perl versions prior to 5.22.3-RC2 Perl versions 5.24 prior to 5.24.1-RC2 **Description** The issue is related to errors in privilege management in the Perl interpreter, specifically with the handling of the included directory array ("@INC"). This could allow a local user to gain privileges via a Trojan horse module under the current working directory by exploiting the failure to properly remove period characters from the end of the includes directory array. **Recommendations** For Perl versions prior to 5.22.3-RC2, update to version 5.22.3-RC2 or later. For Perl versions 5.24 prior to 5.24.1-RC2, update to version 5.24.1-RC2 or later. As a temporary workaround, consider restricting access to the vulnerable modules under the current working directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Module::Signature versions prior to 0.74 **Description** The issue is related to the lack of input sanitization in the Module::Signature module of the Ubuntu operating system. This can be exploited by a remote attacker to execute arbitrary shell commands using a specially crafted SIGNATURE file. The exploitation occurs when the module generates checksums from a signed manifest and does not properly handle the crafted file. **Recommendations** For Module::Signature versions prior to 0.74, update to version 0.74 or later to resolve the issue. As a temporary workaround, consider restricting access to the Module::Signature module to minimize the risk of exploitation. Avoid using the module to generate checksums from signed manifests until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Module::Signature versions prior to 0.75 **Description** The issue allows local users to gain privileges via a Trojan horse module under the current working directory. This can be demonstrated by a Trojan horse Text::Diff module, where an attacker could potentially exploit the untrusted search path vulnerability to elevate their privileges. **Recommendations** For versions prior to 0.75, update to version 0.75 or later to resolve the issue. As a temporary workaround, consider restricting access to the current working directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Module::Signature versions prior to 0.74 **Description** The issue allows remote attackers to bypass signature verification for files. This can be achieved by using a signature file that does not list the files. **Recommendations** For versions prior to 0.74, update to version 0.74 or later to resolve the issue. As a temporary workaround, consider validating the contents of signature files to ensure they list all relevant files before proceeding with verification.

**Name of the Vulnerable Software and Affected Versions** Module::Signature versions prior to 0.74 **Description** The issue concerns the PGP signature parsing in Module::Signature, allowing remote attackers to manipulate the treatment of signed and unsigned portions of a SIGNATURE file. This is achieved via unspecified vectors. **Recommendations** For versions prior to 0.74, update to version 0.74 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIGNATURE file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Movable Type Pro versions prior to 5.2.13 Movable Type Open Source versions prior to 5.2.13 Movable Type Advanced versions prior to 5.2.13 Movable Type Pro versions 6.0.x prior to 6.0.8 Movable Type Advanced versions 6.0.x prior to 6.0.8 **Description** The issue allows remote attackers to execute arbitrary code via vectors related to localization of templates. This is due to a format string vulnerability. **Recommendations** For Movable Type Pro versions prior to 5.2.13, update to version 5.2.13 or later. For Movable Type Open Source versions prior to 5.2.13, update to version 5.2.13 or later. For Movable Type Advanced versions prior to 5.2.13, update to version 5.2.13 or later. For Movable Type Pro versions 6.0.x prior to 6.0.8, update to version 6.0.8 or later. For Movable Type Advanced versions 6.0.x prior to 6.0.8, update to version 6.0.8 or later.

**Name of the Vulnerable Software and Affected Versions** Movable Type versions prior to 5.2.6 **Description** The issue arises from the incorrect usage of the Storable::thaw function, allowing remote attackers to execute arbitrary code through the `comment state` parameter. This enables attackers to potentially gain control over the system. **Recommendations** For versions prior to 5.2.6, update to version 5.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `comment state` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Movable Type Pro, Open Source, and Advanced versions prior to 5.2.12 Movable Type Pro and Advanced versions 6.0.x prior to 6.0.7 **Description** The issue arises from the improper use of the Perl Storable::thaw function, allowing remote attackers to include and execute arbitrary local Perl files, and possibly execute arbitrary code via unspecified vectors. **Recommendations** For Movable Type Pro, Open Source, and Advanced versions prior to 5.2.12, update to version 5.2.12 or later. For Movable Type Pro and Advanced versions 6.0.x prior to 6.0.7, update to version 6.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** HTML::EP module versions 0.2011 **Description** The issue arises from the improper use of the Storable::thaw function in the Session::Cookie component of the HTML::EP module for Perl. This allows remote attackers to execute arbitrary code via a crafted request that is not properly handled when deserialized. **Recommendations** For HTML::EP module version 0.2011, consider disabling the use of the Session::Cookie component until a patch is available. Restrict access to the Storable::thaw function to minimize the risk of exploitation. Avoid using the Session::Cookie component in the HTML::EP module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** App::Context versions 0.01 through 0.968 **Description** The issue arises from the improper use of the Storable::thaw function in the App::Context module for Perl. This allows remote attackers to execute arbitrary code via a crafted request to API endpoints such as (1) "App::Session::Cookie" or (2) "App::Session::HTMLHidden". The problem occurs when the request is not properly handled during deserialization. **Recommendations** For App::Context versions 0.01 through 0.968, consider disabling the use of the Storable::thaw function until a proper fix is available. Restrict access to the App::Session::Cookie and App::Session::HTMLHidden modules to minimize the risk of exploitation. Avoid using these modules in deserialization processes until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Spoon module version 0.24 **Description** The issue arises from improper use of the Storable::thaw function in the Spoon::Cookie component of the Spoon module for Perl. This allows remote attackers to execute arbitrary code by sending a crafted request. The request is not properly handled when it is deserialized. **Recommendations** For Spoon module version 0.24, consider disabling the use of the Storable::thaw function as a temporary workaround until a patch is available. Restrict access to the Spoon::Cookie component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Super version 3.30.0 **Description** The issue allows local users to gain privileges via unspecified vectors, related to an RLIMIT NPROC attack, due to the setuid function's return value not being checked when the -F flag is set in the super.c file. **Recommendations** For Super version 3.30.0, consider updating to a newer version that includes a fix for this issue, as the current version does not properly check the return value of the setuid function, potentially allowing privilege escalation.

**Name of the Vulnerable Software and Affected Versions** MARC::File::XML module versions prior to 1.0.2 **Description** The issue allows context-dependent attackers to read arbitrary files via a crafted XML file, potentially affecting products such as Evergreen, Koha, and perl4lib that utilize the MARC::File::XML module for Perl. **Recommendations** For MARC::File::XML module versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Monkey HTTP Daemon version 0.9.3 **Description** The issue allows local users to potentially bypass intended file-read restrictions. This is due to the software retaining the supplementary group IDs of the root account during operations with a non-root effective UID, and a race condition in a file-permission check. **Recommendations** For Monkey HTTP Daemon version 0.9.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Monkey HTTP Daemon version 0.9.3 **Description** The issue allows local users to potentially gain privileges by exploiting cgi-bin write access during the execution of CGI scripts, as the software uses a real UID of root and a real GID of root. **Recommendations** For Monkey HTTP Daemon version 0.9.3, consider restricting write access to the cgi-bin directory to prevent potential privilege escalation.

**Name of the Vulnerable Software and Affected Versions** File::Temp module for Perl (affected versions not specified) **Description** The issue is related to the ` is safe` function in the File::Temp module for Perl, which does not properly handle symlinks. This can potentially allow a remote attacker to impact data integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.