FreeBSD : p5-PathTools -- File::Spec::canonpath loses taint (333f655a-b93a-11e5-9efa-5453ed2e2b49)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Ricardo Signes reports :

Beginning in PathTools 3.47 and/or perl 5.20.0, the
File::Spec::canonpath() routine returned untainted strings even if
passed tainted input. This defect undermines the guarantee of taint
propagation, which is sometimes used to ensure that unvalidated user
input does not reach sensitive code.

This defect was found and reported by David Golden of MongoDB.
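
A local check for the behaviour described in the report, as an added example (not part of the advisory or of the Nessus plugin): it passes tainted strings through File::Spec->canonpath() under taint mode and reports whether the result is still tainted. The script file name and the sample paths are constructed for illustration.

```perl
# Run as: perl -T canonpath_taint_check.pl   (file name is arbitrary)
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

die "taint mode is off; rerun with perl -T\n" unless ${^TAINT};

# Zero-length tainted string: $^X is tainted under -T and substr() keeps the taint.
my $taint = substr($^X, 0, 0);

# Constructed sample paths; appending $taint marks each one as tainted.
my @samples = map { $_ . $taint } ('/tmp//upload/./a.txt', 'rel/./path/', '/');

my $lost = 0;
for my $in (@samples) {
    die "setup error: input is not tainted\n" unless tainted($in);

    my $out = File::Spec->canonpath($in);
    my $ok  = tainted($out);
    $lost++ unless $ok;

    printf "%-24s -> %-20s %s\n", $in, $out,
        $ok ? 'tainted (ok)' : 'UNTAINTED (affected)';
}

printf "perl %vd, File::Spec %s: %s\n", $^V, File::Spec->VERSION,
    $lost ? 'canonpath() drops taint; update the affected packages'
          : 'canonpath() preserves taint';

# Non-zero exit status lets the check be used from a script or CI job.
exit($lost ? 1 : 0);
```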

See also :

https://rt.perl.org/Public/Bug/Display.html?id=126862
http://www.nessus.org/u?43a2ea13

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87885

Bugtraq ID:

CVE ID: CVE-2015-8607
