CPANSA-ActivePerl-2006-2856: ActivePerl vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2006-06-06T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2006-06-06T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score		Severity
Original language		Language	en
Also referred to

Vulnerability Description

ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerabilities

CVE-2006-2856

Vulnerability Description

Product status

Known affected

Product

Score

ActivePerl equal 5.8.8.817

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
2.0	AV:L/AC:L/Au:N/C:P/I:P/A:P	4.6	Medium

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-ActivePerl-2006-2856 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2006/cpansa-activeperl-2006-2856.json
http://secunia.com/advisories/20328 external
http://secunia.com/advisories/20328
http://www.securityfocus.com/bid/18269 external
http://www.securityfocus.com/bid/18269
http://www.osvdb.org/25974 external
http://www.osvdb.org/25974
http://www.vupen.com/english/advisories/2006/2140 external
http://www.vupen.com/english/advisories/2006/2140
https://exchange.xforce.ibmcloud.com/vulnerabilities/26915 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/26915
CVE-2006-2856 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2006-2856

Revision history

Version	Date of the revision	Summary of the revision
1	Tue Jun 6 00:00:00 2006	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/