PT-2020-6752 · Dbi+6

Published: 2020-09-16 · Updated: 2025-08-26 · CVE-2014-10402

CVSS v2.0: 6.2 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

DBI module through 1.643 for Perl

Description

The issue is related to the DBI module for Perl, where the DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). This is due to an incomplete fix for a previous issue. Exploitation of this issue can allow an attacker to access confidential data and cause a denial of service.

Recommendations

For DBI module through 1.643 for Perl, consider restricting access to sensitive files and folders to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the f_dir attribute in the DSN to prevent unauthorized file access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Permission

Weakness Enumeration

Related Identifiers

ALT-PU-2022-3385
AZL-41925
BDU:2022-05974
CVE-2014-10402
DLA-3035-1
MGASA-2021-0451
OESA-2022-1641
OPENSUSE-SU-2020:2051-1
OPENSUSE-SU-2020:2064-1
OPENSUSE-SU-2020_2051-1
OPENSUSE-SU-2020_2064-1
OPENSUSE-SU-2024:11161-1
SUSE-SU-2020:3384-1
SUSE-SU-2020:3385-1
SUSE-SU-2024:3136-1
USN-5030-1
USN-5030-2

Affected Products

Alt Linux
Astra Linux
Dbi
Linuxmint
Red Os
Suse
Ubuntu