CVE-2015-3408

Name of the Vulnerable Software and Affected Versions Module::Signature versions prior to 0.74

Description The issue is related to the lack of input sanitization in the Module::Signature module of the Ubuntu operating system. This can be exploited by a remote attacker to execute arbitrary shell commands using a specially crafted SIGNATURE file. The exploitation occurs when the module generates checksums from a signed manifest and does not properly handle the crafted file.

Recommendations For Module::Signature versions prior to 0.74, update to version 0.74 or later to resolve the issue. As a temporary workaround, consider restricting access to the Module::Signature module to minimize the risk of exploitation. Avoid using the module to generate checksums from signed manifests until the issue is resolved.