CVE-2016-1238
02.08.2016, 14:59
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| perl | perl | 1.0.15 |
| perl | perl | 1.0.16 |
| perl | perl | 5.000 |
| perl | perl | 5.000o:o |
| perl | perl | 5.001 |
| perl | perl | 5.001n:n |
| perl | perl | 5.002 |
| perl | perl | 5.002_01:_01 |
| perl | perl | 5.003 |
| perl | perl | 5.003_01:_01 |
| perl | perl | 5.003_02:_02 |
| perl | perl | 5.003_03:_03 |
| perl | perl | 5.003_04:_04 |
| perl | perl | 5.003_05:_05 |
| perl | perl | 5.003_07:_07 |
| perl | perl | 5.003_08:_08 |
| perl | perl | 5.003_09:_09 |
| perl | perl | 5.003_10:_10 |
| perl | perl | 5.003_11:_11 |
| perl | perl | 5.003_12:_12 |
| perl | perl | 5.003_13:_13 |
| perl | perl | 5.003_14:_14 |
| perl | perl | 5.003_15:_15 |
| perl | perl | 5.003_16:_16 |
| perl | perl | 5.003_17:_17 |
| perl | perl | 5.003_18:_18 |
| perl | perl | 5.003_19:_19 |
| perl | perl | 5.003_20:_20 |
| perl | perl | 5.003_21:_21 |
| perl | perl | 5.003_22:_22 |
| perl | perl | 5.003_23:_23 |
| perl | perl | 5.003_24:_24 |
| perl | perl | 5.003_25:_25 |
| perl | perl | 5.003_26:_26 |
| perl | perl | 5.003_27:_27 |
| perl | perl | 5.003_28:_28 |
| perl | perl | 5.003_90:_90 |
| perl | perl | 5.003_91:_91 |
| perl | perl | 5.003_92:_92 |
| perl | perl | 5.003_93:_93 |
| perl | perl | 5.003_94:_94 |
| perl | perl | 5.003_95:_95 |
| perl | perl | 5.003_96:_96 |
| perl | perl | 5.003_97:_97 |
| perl | perl | 5.003_97a:_97a |
| perl | perl | 5.003_97b:_97b |
| perl | perl | 5.003_97c:_97c |
| perl | perl | 5.003_97d:_97d |
| perl | perl | 5.003_97e:_97e |
| perl | perl | 5.003_97f:_97f |
| perl | perl | 5.003_97g:_97g |
| perl | perl | 5.003_97h:_97h |
| perl | perl | 5.003_97i:_97i |
| perl | perl | 5.003_97j:_97j |
| perl | perl | 5.003_98:_98 |
| perl | perl | 5.003_99:_99 |
| perl | perl | 5.003_99a:_99a |
| perl | perl | 5.004 |
| perl | perl | 5.004_01:_01 |
| perl | perl | 5.004_02:_02 |
| perl | perl | 5.004_03:_03 |
| perl | perl | 5.004_04:_04 |
| perl | perl | 5.004_05:_05 |
| perl | perl | 5.005 |
| perl | perl | 5.005_01:_01 |
| perl | perl | 5.005_02:_02 |
| perl | perl | 5.005_03:_03 |
| perl | perl | 5.005_04:_04 |
| perl | perl | 5.6 |
| perl | perl | 5.6.0 |
| perl | perl | 5.6.1 |
| perl | perl | 5.6.2 |
| perl | perl | 5.7.3 |
| perl | perl | 5.8 |
| perl | perl | 5.8.0 |
| perl | perl | 5.8.1 |
| perl | perl | 5.8.2 |
| perl | perl | 5.8.3 |
| perl | perl | 5.8.4 |
| perl | perl | 5.8.5 |
| perl | perl | 5.8.6 |
| perl | perl | 5.8.7 |
| perl | perl | 5.8.8 |
| perl | perl | 5.8.9 |
| perl | perl | 5.8.9:rc1 |
| perl | perl | 5.9.0 |
| perl | perl | 5.9.1 |
| perl | perl | 5.9.2 |
| perl | perl | 5.9.3 |
| perl | perl | 5.9.4 |
| perl | perl | 5.9.5 |
| perl | perl | 5.10 |
| perl | perl | 5.10.0 |
| perl | perl | 5.10.1 |
| perl | perl | 5.10.1:rc1 |
| perl | perl | 5.10.1:rc2 |
| perl | perl | 5.11.0 |
| perl | perl | 5.11.1 |
| perl | perl | 5.11.2 |
| perl | perl | 5.11.3 |
| perl | perl | 5.11.4 |
| perl | perl | 5.11.5 |
| perl | perl | 5.12.0 |
| perl | perl | 5.12.0:rc0 |
| perl | perl | 5.12.0:rc1 |
| perl | perl | 5.12.0:rc2 |
| perl | perl | 5.12.0:rc3 |
| perl | perl | 5.12.0:rc4 |
| perl | perl | 5.12.0:rc5 |
| perl | perl | 5.12.1 |
| perl | perl | 5.12.1:rc0 |
| perl | perl | 5.12.1:rc1 |
| perl | perl | 5.12.1:rc2 |
| perl | perl | 5.12.2 |
| perl | perl | 5.12.2:rc1 |
| perl | perl | 5.12.3 |
| perl | perl | 5.12.3:rc1 |
| perl | perl | 5.12.3:rc2 |
| perl | perl | 5.12.3:rc3 |
| perl | perl | 5.12.4 |
| perl | perl | 5.12.4:rc1 |
| perl | perl | 5.12.4:rc2 |
| perl | perl | 5.12.5 |
| perl | perl | 5.12.5:rc1 |
| perl | perl | 5.12.5:rc2 |
| perl | perl | 5.13.0 |
| perl | perl | 5.13.1 |
| perl | perl | 5.13.2 |
| perl | perl | 5.13.3 |
| perl | perl | 5.13.4 |
| perl | perl | 5.13.5 |
| perl | perl | 5.13.6 |
| perl | perl | 5.13.7 |
| perl | perl | 5.13.8 |
| perl | perl | 5.13.9 |
| perl | perl | 5.13.10 |
| perl | perl | 5.13.11 |
| perl | perl | 5.14.0 |
| perl | perl | 5.14.0:rc1 |
| perl | perl | 5.14.0:rc2 |
| perl | perl | 5.14.0:rc3 |
| perl | perl | 5.14.1 |
| perl | perl | 5.14.1:rc1 |
| perl | perl | 5.14.2 |
| perl | perl | 5.14.2:rc1 |
| perl | perl | 5.14.3 |
| perl | perl | 5.14.3:rc1 |
| perl | perl | 5.14.3:rc2 |
| perl | perl | 5.14.4 |
| perl | perl | 5.14.4:rc1 |
| perl | perl | 5.14.4:rc2 |
| perl | perl | 5.15.0 |
| perl | perl | 5.15.1 |
| perl | perl | 5.15.2 |
| perl | perl | 5.15.3 |
| perl | perl | 5.15.4 |
| perl | perl | 5.15.5 |
| perl | perl | 5.15.6 |
| perl | perl | 5.15.7 |
| perl | perl | 5.15.8 |
| perl | perl | 5.15.9 |
| perl | perl | 5.16.0 |
| perl | perl | 5.16.0:rc1 |
| perl | perl | 5.16.0:rc2 |
| perl | perl | 5.16.1 |
| perl | perl | 5.16.2 |
| perl | perl | 5.16.3 |
| perl | perl | 5.16.3:rc1 |
| perl | perl | 5.17.0 |
| perl | perl | 5.17.1 |
| perl | perl | 5.17.2 |
| perl | perl | 5.17.3 |
| perl | perl | 5.17.4 |
| perl | perl | 5.17.5 |
| perl | perl | 5.17.6 |
| perl | perl | 5.17.7 |
| perl | perl | 5.17.7.0 |
| perl | perl | 5.17.8 |
| perl | perl | 5.17.9 |
| perl | perl | 5.17.10 |
| perl | perl | 5.17.11 |
| perl | perl | 5.18.0 |
| perl | perl | 5.18.0:rc1 |
| perl | perl | 5.18.0:rc2 |
| perl | perl | 5.18.0:rc3 |
| perl | perl | 5.18.0:rc4 |
| perl | perl | 5.18.1 |
| perl | perl | 5.18.2 |
| perl | perl | 5.18.2:rc1 |
| perl | perl | 5.18.2:rc2 |
| perl | perl | 5.18.2:rc3 |
| perl | perl | 5.18.2:rc4 |
| perl | perl | 5.18.3 |
| perl | perl | 5.18.3:rc1 |
| perl | perl | 5.18.3:rc2 |
| perl | perl | 5.18.4 |
| perl | perl | 5.19.0 |
| perl | perl | 5.19.1 |
| perl | perl | 5.19.2 |
| perl | perl | 5.19.3 |
| perl | perl | 5.19.4 |
| perl | perl | 5.19.5 |
| perl | perl | 5.19.6 |
| perl | perl | 5.19.7 |
| perl | perl | 5.19.8 |
| perl | perl | 5.19.9 |
| perl | perl | 5.19.10 |
| perl | perl | 5.19.11 |
| perl | perl | 5.20.0 |
| perl | perl | 5.20.0:rc1 |
| perl | perl | 5.20.1 |
| perl | perl | 5.20.1:rc1 |
| perl | perl | 5.20.1:rc2 |
| perl | perl | 5.20.2 |
| perl | perl | 5.20.2:rc1 |
| perl | perl | 5.20.3 |
| perl | perl | 5.20.3:rc1 |
| perl | perl | 5.20.3:rc2 |
| perl | perl | 5.21.0 |
| perl | perl | 5.21.1 |
| perl | perl | 5.21.2 |
| perl | perl | 5.21.3 |
| perl | perl | 5.21.4 |
| perl | perl | 5.21.5 |
| perl | perl | 5.21.6 |
| perl | perl | 5.21.7 |
| perl | perl | 5.21.8 |
| perl | perl | 5.21.9 |
| perl | perl | 5.21.10 |
| perl | perl | 5.21.11 |
| perl | perl | 5.22.0 |
| perl | perl | 5.22.0:rc1 |
| perl | perl | 5.22.0:rc2 |
| perl | perl | 5.22.1 |
| perl | perl | 5.22.1:rc1 |
| perl | perl | 5.22.1:rc2 |
| perl | perl | 5.22.1:rc3 |
| perl | perl | 5.22.1:rc4 |
| perl | perl | 5.22.2 |
| perl | perl | 5.22.2:rc1 |
| perl | perl | 5.22.3:rc1 |
| perl | perl | 5.24.0 |
| perl | perl | 5.24.0:rc1 |
| perl | perl | 5.24.0:rc2 |
| perl | perl | 5.24.0:rc3 |
| perl | perl | 5.24.0:rc4 |
| perl | perl | 5.24.0:rc5 |
| perl | perl | 5.24.1:rc1 |
| opensuse | leap | 15.0 |
| apache | spamassassin | 𝑥 < 3.4.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libsys-syslog-perl |
| ||||||||||||||||||
| perl |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| amavisd-new |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| amavisd-new-docs |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl-Archive-Extract |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl-ExtUtils-MakeMaker |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl-MIME-Charset |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl-Mail-SpamAssassin |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl-Mail-SpamAssassin-Plugin-iXhash2 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl-Module-Load-Conditional |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl-base |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| perl-doc |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| spamassassin |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| system-user-vscan |
|
Common Weakness Enumeration
References