Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2015-3408

Published: 19/05/2015 Updated: 04/11/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Module-signature

Vulnerability Summary

Module::Signature prior to 0.74 allows remote malicious users to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

Vulnerable Product Search on Vulmon Subscribe to Product

module-signature project module-signature

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 14.10

canonical ubuntu linux 15.04

Vendor Advisories

Debian CVElist Bug Report Logs: libmodule-signature-perl: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409
Debian Bug report logs - #783451 libmodule-signature-perl: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409 Package: src:libmodule-signature-perl; Maintainer for src:libmodule-signature-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> ...
Ubuntu Security Notice: libmodule-signature-perl vulnerabilities
Several security issues were fixed in Module::Signature ...
Debian Security Advisories: DSA-3261-1 libmodule-signature-perl -- security update
Multiple vulnerabilities were discovered in libmodule-signature-perl, a Perl module to manipulate CPAN SIGNATURE files The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-3406 John Lightsey discovered that Module::Signature could parse the unsigned portion of the SIGNATURE file as the signed portio ...
Red Hat: CVE-2015-3408
Module::Signature before 074 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest ...

References

CWE-77https://metacpan.org/changes/distribution/Module-Signaturehttp://ubuntu.com/usn/usn-2607-1http://www.openwall.com/lists/oss-security/2015/04/23/17http://www.openwall.com/lists/oss-security/2015/04/07/1https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372fhttp://www.debian.org/security/2015/dsa-3261https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783451https://usn.ubuntu.com/2607-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-3408
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook