CVE-2016-1238

EUVD-2016-2339
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
debiandebian_linux
8.0
perlperl
1.0.15
perlperl
1.0.16
perlperl
5.000
perlperl
5.000o:o
perlperl
5.001
perlperl
5.001n:n
perlperl
5.002
perlperl
5.002_01:_01
perlperl
5.003
perlperl
5.003_01:_01
perlperl
5.003_02:_02
perlperl
5.003_03:_03
perlperl
5.003_04:_04
perlperl
5.003_05:_05
perlperl
5.003_07:_07
perlperl
5.003_08:_08
perlperl
5.003_09:_09
perlperl
5.003_10:_10
perlperl
5.003_11:_11
perlperl
5.003_12:_12
perlperl
5.003_13:_13
perlperl
5.003_14:_14
perlperl
5.003_15:_15
perlperl
5.003_16:_16
perlperl
5.003_17:_17
perlperl
5.003_18:_18
perlperl
5.003_19:_19
perlperl
5.003_20:_20
perlperl
5.003_21:_21
perlperl
5.003_22:_22
perlperl
5.003_23:_23
perlperl
5.003_24:_24
perlperl
5.003_25:_25
perlperl
5.003_26:_26
perlperl
5.003_27:_27
perlperl
5.003_28:_28
perlperl
5.003_90:_90
perlperl
5.003_91:_91
perlperl
5.003_92:_92
perlperl
5.003_93:_93
perlperl
5.003_94:_94
perlperl
5.003_95:_95
perlperl
5.003_96:_96
perlperl
5.003_97:_97
perlperl
5.003_97a:_97a
perlperl
5.003_97b:_97b
perlperl
5.003_97c:_97c
perlperl
5.003_97d:_97d
perlperl
5.003_97e:_97e
perlperl
5.003_97f:_97f
perlperl
5.003_97g:_97g
perlperl
5.003_97h:_97h
perlperl
5.003_97i:_97i
perlperl
5.003_97j:_97j
perlperl
5.003_98:_98
perlperl
5.003_99:_99
perlperl
5.003_99a:_99a
perlperl
5.004
perlperl
5.004_01:_01
perlperl
5.004_02:_02
perlperl
5.004_03:_03
perlperl
5.004_04:_04
perlperl
5.004_05:_05
perlperl
5.005
perlperl
5.005_01:_01
perlperl
5.005_02:_02
perlperl
5.005_03:_03
perlperl
5.005_04:_04
perlperl
5.6
perlperl
5.6.0
perlperl
5.6.1
perlperl
5.6.2
perlperl
5.7.3
perlperl
5.8
perlperl
5.8.0
perlperl
5.8.1
perlperl
5.8.2
perlperl
5.8.3
perlperl
5.8.4
perlperl
5.8.5
perlperl
5.8.6
perlperl
5.8.7
perlperl
5.8.8
perlperl
5.8.9
perlperl
5.8.9:rc1
perlperl
5.9.0
perlperl
5.9.1
perlperl
5.9.2
perlperl
5.9.3
perlperl
5.9.4
perlperl
5.9.5
perlperl
5.10
perlperl
5.10.0
perlperl
5.10.1
perlperl
5.10.1:rc1
perlperl
5.10.1:rc2
perlperl
5.11.0
perlperl
5.11.1
perlperl
5.11.2
perlperl
5.11.3
perlperl
5.11.4
perlperl
5.11.5
perlperl
5.12.0
perlperl
5.12.0:rc0
perlperl
5.12.0:rc1
perlperl
5.12.0:rc2
perlperl
5.12.0:rc3
perlperl
5.12.0:rc4
perlperl
5.12.0:rc5
perlperl
5.12.1
perlperl
5.12.1:rc0
perlperl
5.12.1:rc1
perlperl
5.12.1:rc2
perlperl
5.12.2
perlperl
5.12.2:rc1
perlperl
5.12.3
perlperl
5.12.3:rc1
perlperl
5.12.3:rc2
perlperl
5.12.3:rc3
perlperl
5.12.4
perlperl
5.12.4:rc1
perlperl
5.12.4:rc2
perlperl
5.12.5
perlperl
5.12.5:rc1
perlperl
5.12.5:rc2
perlperl
5.13.0
perlperl
5.13.1
perlperl
5.13.2
perlperl
5.13.3
perlperl
5.13.4
perlperl
5.13.5
perlperl
5.13.6
perlperl
5.13.7
perlperl
5.13.8
perlperl
5.13.9
perlperl
5.13.10
perlperl
5.13.11
perlperl
5.14.0
perlperl
5.14.0:rc1
perlperl
5.14.0:rc2
perlperl
5.14.0:rc3
perlperl
5.14.1
perlperl
5.14.1:rc1
perlperl
5.14.2
perlperl
5.14.2:rc1
perlperl
5.14.3
perlperl
5.14.3:rc1
perlperl
5.14.3:rc2
perlperl
5.14.4
perlperl
5.14.4:rc1
perlperl
5.14.4:rc2
perlperl
5.15.0
perlperl
5.15.1
perlperl
5.15.2
perlperl
5.15.3
perlperl
5.15.4
perlperl
5.15.5
perlperl
5.15.6
perlperl
5.15.7
perlperl
5.15.8
perlperl
5.15.9
perlperl
5.16.0
perlperl
5.16.0:rc1
perlperl
5.16.0:rc2
perlperl
5.16.1
perlperl
5.16.2
perlperl
5.16.3
perlperl
5.16.3:rc1
perlperl
5.17.0
perlperl
5.17.1
perlperl
5.17.2
perlperl
5.17.3
perlperl
5.17.4
perlperl
5.17.5
perlperl
5.17.6
perlperl
5.17.7
perlperl
5.17.7.0
perlperl
5.17.8
perlperl
5.17.9
perlperl
5.17.10
perlperl
5.17.11
perlperl
5.18.0
perlperl
5.18.0:rc1
perlperl
5.18.0:rc2
perlperl
5.18.0:rc3
perlperl
5.18.0:rc4
perlperl
5.18.1
perlperl
5.18.2
perlperl
5.18.2:rc1
perlperl
5.18.2:rc2
perlperl
5.18.2:rc3
perlperl
5.18.2:rc4
perlperl
5.18.3
perlperl
5.18.3:rc1
perlperl
5.18.3:rc2
perlperl
5.18.4
perlperl
5.19.0
perlperl
5.19.1
perlperl
5.19.2
perlperl
5.19.3
perlperl
5.19.4
perlperl
5.19.5
perlperl
5.19.6
perlperl
5.19.7
perlperl
5.19.8
perlperl
5.19.9
perlperl
5.19.10
perlperl
5.19.11
perlperl
5.20.0
perlperl
5.20.0:rc1
perlperl
5.20.1
perlperl
5.20.1:rc1
perlperl
5.20.1:rc2
perlperl
5.20.2
perlperl
5.20.2:rc1
perlperl
5.20.3
perlperl
5.20.3:rc1
perlperl
5.20.3:rc2
perlperl
5.21.0
perlperl
5.21.1
perlperl
5.21.2
perlperl
5.21.3
perlperl
5.21.4
perlperl
5.21.5
perlperl
5.21.6
perlperl
5.21.7
perlperl
5.21.8
perlperl
5.21.9
perlperl
5.21.10
perlperl
5.21.11
perlperl
5.22.0
perlperl
5.22.0:rc1
perlperl
5.22.0:rc2
perlperl
5.22.1
perlperl
5.22.1:rc1
perlperl
5.22.1:rc2
perlperl
5.22.1:rc3
perlperl
5.22.1:rc4
perlperl
5.22.2
perlperl
5.22.2:rc1
perlperl
5.22.3:rc1
perlperl
5.24.0
perlperl
5.24.0:rc1
perlperl
5.24.0:rc2
perlperl
5.24.0:rc3
perlperl
5.24.0:rc4
perlperl
5.24.0:rc5
perlperl
5.24.1:rc1
opensuseleap
15.0
apachespamassassin
𝑥
< 3.4.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
perl
bookworm
5.36.0-7+deb12u1
fixed
bullseye
5.32.1-4+deb11u3
fixed
bullseye (security)
5.32.1-4+deb11u4
fixed
sid
5.40.0-6
fixed
trixie
5.40.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libsys-syslog-perl
artful
dne
bionic
dne
cosmic
dne
precise
Fixed 0.29-1+deb7u1build0.12.04.1
released
trusty
Fixed 0.33-1+deb8u1build0.14.04.1
released
wily
ignored
xenial
dne
yakkety
dne
zesty
dne
perl
artful
not-affected
bionic
not-affected
cosmic
not-affected
precise
ignored
trusty
ignored
wily
ignored
xenial
ignored
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab
http://www.debian.org/security/2016/dsa-3628
http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
http://www.securityfocus.com/bid/92136
http://www.securitytracker.com/id/1036440
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/
https://rt.perl.org/Public/Bug/Display.html?id=127834
https://security.gentoo.org/glsa/201701-75
https://security.gentoo.org/glsa/201812-07
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab
http://www.debian.org/security/2016/dsa-3628
http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
http://www.securityfocus.com/bid/92136
http://www.securitytracker.com/id/1036440
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/
https://rt.perl.org/Public/Bug/Display.html?id=127834
https://security.gentoo.org/glsa/201701-75
https://security.gentoo.org/glsa/201812-07