CVE-2015-3408 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
module-signature_project	module-signature	𝑥 ≤ 0.73
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10
canonical	ubuntu_linux	15.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libmodule-signature-perl

bullseye	0.87-1 fixed
bookworm	0.88-2 fixed
sid	0.89-1 fixed
trixie	0.89-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libmodule-signature-perl

vivid	Fixed 0.73-1ubuntu0.15.04.1 released
utopic	Fixed 0.73-1ubuntu0.14.10.1 released
trusty	Fixed 0.73-1ubuntu0.14.04.1 released
precise	Fixed 0.68-1ubuntu0.12.04.2 released
lucid	ignored

Common Weakness Enumeration

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References

http://ubuntu.com/usn/usn-2607-1

http://www.debian.org/security/2015/dsa-3261

http://www.openwall.com/lists/oss-security/2015/04/07/1

http://www.openwall.com/lists/oss-security/2015/04/23/17

https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f

https://metacpan.org/changes/distribution/Module-Signature

http://ubuntu.com/usn/usn-2607-1

http://www.debian.org/security/2015/dsa-3261

http://www.openwall.com/lists/oss-security/2015/04/07/1

http://www.openwall.com/lists/oss-security/2015/04/23/17

https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f

https://metacpan.org/changes/distribution/Module-Signature