PT-2018-2303 · Perl 5 · Perl 5

Published: 2018-06-07 · Updated: 2020-08-24 · CVE-2018-12015

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Perl versions through 5.26.2

Description: The Archive::Tar module in Perl has a flaw in its directory-traversal protection mechanism. The flaw allows remote attackers to bypass the protection and overwrite arbitrary files using an archive file that contains a symlink and a regular file with the same name.

Recommendations: For Perl versions through 5.26.2, consider disabling the Archive::Tar module until a patch is available to prevent exploitation of this issue. Restrict access to archive files that may contain symlinks to minimize the risk of arbitrary file overwrites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
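
A pre-extraction check for the archive layout described above, as an added example that is not part of the original advisory or of Archive::Tar: it lists the entries of a tar file with Python's tarfile module, extracts nothing, and reports any entry whose path reuses a symlink declared earlier in the same archive. It also flags paths that pass through such a symlink as a parent directory, which goes beyond the same-name case on this page; the function names, entry names and link target are constructed for the example.

```python
import io
import posixpath
import tarfile


def find_symlink_reuse(fileobj):
    """List entries whose path is, or passes through, a symlink declared
    earlier in the same archive. Nothing is extracted."""
    symlinks = {}   # normalized entry name -> link target
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            name = posixpath.normpath(member.name)
            parts = name.split("/")
            # Test the full path first, then each parent directory.
            for i in range(len(parts), 0, -1):
                prefix = "/".join(parts[:i])
                if prefix in symlinks:
                    relation = "same-name" if prefix == name else "via-parent"
                    findings.append((name, relation, symlinks[prefix]))
                    break
            if member.issym():
                symlinks[name] = member.linkname
    return findings


def build_sample_archive(with_symlink=True):
    """Constructed sample input: optional symlink entry, then a regular
    file with the same name (names and target are placeholders)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        if with_symlink:
            link = tarfile.TarInfo("report.txt")
            link.type = tarfile.SYMTYPE
            link.linkname = "placeholder-target"
            tar.addfile(link)
        data = b"constructed sample data\n"
        regular = tarfile.TarInfo("report.txt")
        regular.size = len(data)
        tar.addfile(regular, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, relation, target in find_symlink_reuse(build_sample_archive()):
        print(f"reject: {name!r} ({relation}) follows symlink -> {target!r}")
```

An archive that produces any finding can be rejected or quarantined before it reaches an extractor.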

Exploit

Path traversal

Link Following

Weakness Enumeration

Related identifiers

ALT-PU-2018-1918
ALT-PU-2019-1131
BDU:2019-00435
CESA-2019_2097
CVE-2018-12015
DSA-4226-1
OPENSUSE-SU-2018_2010-1
OPENSUSE-SU-2018_2011-1
RHSA-2019:2097
RHSA-2019_2097
RHSA-2026:7604
SUSE-SU-2018:1972-1
SUSE-SU-2018:1972-2
SUSE-SU-2018:1977-1
SUSE-SU-2018:1992-1
SUSE-SU-2018_1972-1
SUSE-SU-2018_1972-2
SUSE-SU-2018_1977-1
SUSE-SU-2018_1992-1
USN-3684-1
USN-3684-2

Affected products

Alt Linux
CentOS
Perl
Red Hat
SUSE
Ubuntu