PT-2016-3420 · Perl+2

John Lightsey +1 · Published 2016-07-25 · Updated 2025-04-01 · CVE-2016-1238

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Perl versions prior to 5.22.3-RC2
Perl versions 5.24 prior to 5.24.1-RC2

Description

The issue is related to errors in privilege management in the Perl interpreter, specifically with the handling of the included directory array ("@INC"). This could allow a local user to gain privileges via a Trojan horse module under the current working directory by exploiting the failure to properly remove period characters from the end of the includes directory array.

Recommendations

For Perl versions prior to 5.22.3-RC2, update to version 5.22.3-RC2 or later.
For Perl versions 5.24 prior to 5.24.1-RC2, update to version 5.24.1-RC2 or later.
As a temporary workaround, consider restricting access to the vulnerable modules under the current working directory to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related identifiers

ALT-PU-2017-1051
ALT-PU-2017-2043
BDU:2022-02560
CVE-2016-1238
DLA-1578-1
DLA-565-1
DLA-584-1
DSA-3628-1
MGASA-2018-0047
MGASA-2018-0425
OPENSUSE-SU-2019:0297-1
OPENSUSE-SU-2019:1831-1
OPENSUSE-SU-2019_0297-1
OPENSUSE-SU-2019_1831-1
OPENSUSE-SU-2024:10523-1
OPENSUSE-SU-2024:10614-1
OPENSUSE-SU-2024:10860-1
OPENSUSE-SU-2024:11162-1
OPENSUSE-SU-2024:11163-1
OPENSUSE-SU-2024:11706-1
OPENSUSE-SU-2025:14657-1
SUSE-SU-2016:2246-1
SUSE-SU-2016:2263-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
SUSE-SU-2019:0505-1
SUSE-SU-2019:1961-1
SUSE-SU-2019:2011-1
SUSE-SU-2019_0505-1

Affected products

Alt Linux
Perl
Suse