Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2015-3407

Published: 19/05/2015 Updated: 04/11/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Ubuntu Linux

Vulnerability Summary

Module::Signature prior to 0.74 allows remote malicious users to bypass signature verification for files via a signature file that does not list the files.

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 14.10

canonical ubuntu linux 15.04

module-signature project module-signature

Vendor Advisories

Debian CVElist Bug Report Logs: libmodule-signature-perl: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409
Debian Bug report logs - #783451 libmodule-signature-perl: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409 Package: src:libmodule-signature-perl; Maintainer for src:libmodule-signature-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> ...
Ubuntu Security Notice: libmodule-signature-perl vulnerabilities
Several security issues were fixed in Module::Signature ...
Debian Security Advisories: DSA-3261-1 libmodule-signature-perl -- security update
Multiple vulnerabilities were discovered in libmodule-signature-perl, a Perl module to manipulate CPAN SIGNATURE files The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-3406 John Lightsey discovered that Module::Signature could parse the unsigned portion of the SIGNATURE file as the signed portio ...
Red Hat: CVE-2015-3407
Module::Signature before 074 allows remote attackers to bypass signature verification for files via a signature file that does not list the files ...

References

CWE-284https://metacpan.org/changes/distribution/Module-Signaturehttp://ubuntu.com/usn/usn-2607-1http://www.openwall.com/lists/oss-security/2015/04/23/17http://www.openwall.com/lists/oss-security/2015/04/07/1https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372fhttp://www.debian.org/security/2015/dsa-3261https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783451https://usn.ubuntu.com/2607-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-3407
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook