FreeBSD : p5-PathTools -- File::Spec::canonpath loses taint (333f655a-b93a-11e5-9efa-5453ed2e2b49)

High Nessus Plugin ID 87885


The remote FreeBSD host is missing one or more security-related updates.


Ricardo Signes reports :

Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath() routine returned untained strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code.

This defect was found and reported by David Golden of MongoDB.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 87885

File Name: freebsd_pkg_333f655ab93a11e59efa5453ed2e2b49.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2016/01/13

Modified: 2016/10/19

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P


Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:p5-PathTools, p-cpe:/a:freebsd:freebsd:perl5, p-cpe:/a:freebsd:freebsd:perl5-devel, p-cpe:/a:freebsd:freebsd:perl5.20, p-cpe:/a:freebsd:freebsd:perl5.22, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/01/12

Vulnerability Publication Date: 2016/01/11

Reference Information

CVE: CVE-2015-8607