CVE-2016-6185
HIGHPerl >=5.23.0 <5.24.1 - Local Arbitrary Code Execution via XSLoader::load Method
Title source: llmDescription
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
References (14)
Core 14
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-75
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3625-2/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036260
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3628
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Issue Tracking, Vendor Advisory x_refsource_confirm
http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91685
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/07/07/1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/07/08/5
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3625-1/
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://rt.cpan.org/Public/Bug/Display.html?id=115808
Scores
CVSS v3
7.8
EPSS
0.0079
EPSS Percentile
52.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (11)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.10
debian/debian_linux
8.0
fedoraproject/fedora
22
fedoraproject/fedora
23
fedoraproject/fedora
24
oracle/solaris
10
oracle/solaris
11.3
... and 1 more
Published
Aug 02, 2016
Tracked Since
Feb 18, 2026