CVE-2016-6185

MEDIUM

Description

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

References

http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7

http://www.debian.org/security/2016/dsa-3628

http://www.openwall.com/lists/oss-security/2016/07/07/1

http://www.openwall.com/lists/oss-security/2016/07/08/5

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.securityfocus.com/bid/91685

http://www.securitytracker.com/id/1036260

https://lists.fedoraproject.org/archives/list/[email protected]/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/

https://lists.fedoraproject.org/archives/list/[email protected]/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/

https://rt.cpan.org/Public/Bug/Display.html?id=115808

https://security.gentoo.org/glsa/201701-75

https://usn.ubuntu.com/3625-1/

https://usn.ubuntu.com/3625-2/

Details

Source: MITRE

Published: 2016-08-02

Updated: 2018-05-02

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (12 total)

ID	Name	Product	Family	Severity
129228	EulerOS 2.0 SP3 : perl (EulerOS-SA-2019-2035)	Nessus	Huawei Local Security Checks	medium
109086	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : perl vulnerabilities (USN-3625-1)	Nessus	Ubuntu Local Security Checks	high
96861	GLSA-201701-75 : Perl: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
93583	openSUSE Security Update : perl (openSUSE-2016-1086)	Nessus	SuSE Local Security Checks	high
93437	SUSE SLED12 / SLES12 Security Update : perl (SUSE-SU-2016:2263-1)	Nessus	SuSE Local Security Checks	high
93371	SUSE SLES11 Security Update : perl (SUSE-SU-2016:2246-1)	Nessus	SuSE Local Security Checks	high
92739	FreeBSD : p5-XSLoader -- local arbitrary code execution (3e08047f-5a6c-11e6-a6c3-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	medium
92613	Debian DLA-565-1 : perl security update	Nessus	Debian Local Security Checks	high
92548	Debian DSA-3628-1 : perl - security update	Nessus	Debian Local Security Checks	high
92388	Fedora 23 : 4:perl (2016-742bde2be7)	Nessus	Fedora Local Security Checks	medium
92386	Fedora 24 : 4:perl (2016-485dff6060)	Nessus	Fedora Local Security Checks	medium
92335	Fedora 22 : 4:perl (2016-eb2592245b)	Nessus	Fedora Local Security Checks	medium

CVE-2016-6185

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins