CPANSA-PlRPC-2013-7284: PlRPC vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2014-04-29T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2014-04-29T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score		Severity
Original language		Language	en
Also referred to

Vulnerability Description

The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.

Vulnerabilities

CVE-2013-7284

Vulnerability Description

Weakness	CWE-94 : Improper Control of Generation of Code ('Code Injection')

Product status

Known affected

Product

Score

PlRPC less than or equal 0.2020

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
2.0	AV:N/AC:M/Au:N/C:P/I:P/A:P	6.8	Medium

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-PlRPC-2013-7284 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2014/cpansa-plrpc-2013-7284.json
https://bugzilla.redhat.com/show_bug.cgi?id=1051108 external
https://bugzilla.redhat.com/show_bug.cgi?id=1051108
http://seclists.org/oss-sec/2014/q1/56 external
http://seclists.org/oss-sec/2014/q1/56
http://seclists.org/oss-sec/2014/q1/62 external
http://seclists.org/oss-sec/2014/q1/62
https://bugzilla.redhat.com/show_bug.cgi?id=1030572 external
https://bugzilla.redhat.com/show_bug.cgi?id=1030572
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789 external
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789
https://rt.cpan.org/Public/Bug/Display.html?id=90474 external
https://rt.cpan.org/Public/Bug/Display.html?id=90474
CVE-2013-7284 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2013-7284

Revision history

Version	Date of the revision	Summary of the revision
1	Tue Apr 29 00:00:00 2014	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/