The cpansign verify functionality in the Module::Signature module prior to 0.72 for Perl allows malicious users to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 13.04 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 12.04 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.2 |
||
perlmonks module |