CVE-2016-1238

Disclosure Date: August 02, 2016

Description

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVSS V3 Severity and Metrics

Base Score: 7.8 High
Impact Score: 5.9
Exploitability Score: 1.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

General Information

Vendors

  • apache,
  • debian,
  • fedoraproject,
  • opensuse,
  • perl

Products

  • debian linux 8.0,
  • fedora 23,
  • fedora 24,
  • leap 15.0,
  • perl 1.0.15,
  • perl 1.0.16,
  • perl 5.000,
  • perl 5.000o,
  • perl 5.001,
  • perl 5.001n,
  • perl 5.002,
  • perl 5.002 01,
  • perl 5.003,
  • perl 5.003 01,
  • perl 5.003 02,
  • perl 5.003 03,
  • perl 5.003 04,
  • perl 5.003 05,
  • perl 5.003 07,
  • perl 5.003 08,
  • perl 5.003 09,
  • perl 5.003 10,
  • perl 5.003 11,
  • perl 5.003 12,
  • perl 5.003 13,
  • perl 5.003 14,
  • perl 5.003 15,
  • perl 5.003 16,
  • perl 5.003 17,
  • perl 5.003 18,
  • perl 5.003 19,
  • perl 5.003 20,
  • perl 5.003 21,
  • perl 5.003 22,
  • perl 5.003 23,
  • perl 5.003 24,
  • perl 5.003 25,
  • perl 5.003 26,
  • perl 5.003 27,
  • perl 5.003 28,
  • perl 5.003 90,
  • perl 5.003 91,
  • perl 5.003 92,
  • perl 5.003 93,
  • perl 5.003 94,
  • perl 5.003 95,
  • perl 5.003 96,
  • perl 5.003 97,
  • perl 5.003 97a,
  • perl 5.003 97b,
  • perl 5.003 97c,
  • perl 5.003 97d,
  • perl 5.003 97e,
  • perl 5.003 97f,
  • perl 5.003 97g,
  • perl 5.003 97h,
  • perl 5.003 97i,
  • perl 5.003 97j,
  • perl 5.003 98,
  • perl 5.003 99,
  • perl 5.003 99a,
  • perl 5.004,
  • perl 5.004 01,
  • perl 5.004 02,
  • perl 5.004 03,
  • perl 5.004 04,
  • perl 5.004 05,
  • perl 5.005,
  • perl 5.005 01,
  • perl 5.005 02,
  • perl 5.005 03,
  • perl 5.005 04,
  • perl 5.10,
  • perl 5.10.0,
  • perl 5.10.1,
  • perl 5.11.0,
  • perl 5.11.1,
  • perl 5.11.2,
  • perl 5.11.3,
  • perl 5.11.4,
  • perl 5.11.5,
  • perl 5.12.0,
  • perl 5.12.1,
  • perl 5.12.2,
  • perl 5.12.3,
  • perl 5.12.4,
  • perl 5.12.5,
  • perl 5.13.0,
  • perl 5.13.1,
  • perl 5.13.10,
  • perl 5.13.11,
  • perl 5.13.2,
  • perl 5.13.3,
  • perl 5.13.4,
  • perl 5.13.5,
  • perl 5.13.6,
  • perl 5.13.7,
  • perl 5.13.8,
  • perl 5.13.9,
  • perl 5.14.0,
  • perl 5.14.1,
  • perl 5.14.2,
  • perl 5.14.3,
  • perl 5.14.4,
  • perl 5.15.0,
  • perl 5.15.1,
  • perl 5.15.2,
  • perl 5.15.3,
  • perl 5.15.4,
  • perl 5.15.5,
  • perl 5.15.6,
  • perl 5.15.7,
  • perl 5.15.8,
  • perl 5.15.9,
  • perl 5.16.0,
  • perl 5.16.1,
  • perl 5.16.2,
  • perl 5.16.3,
  • perl 5.17.0,
  • perl 5.17.1,
  • perl 5.17.10,
  • perl 5.17.11,
  • perl 5.17.2,
  • perl 5.17.3,
  • perl 5.17.4,
  • perl 5.17.5,
  • perl 5.17.6,
  • perl 5.17.7,
  • perl 5.17.7.0,
  • perl 5.17.8,
  • perl 5.17.9,
  • perl 5.18.0,
  • perl 5.18.1,
  • perl 5.18.2,
  • perl 5.18.3,
  • perl 5.18.4,
  • perl 5.19.0,
  • perl 5.19.1,
  • perl 5.19.10,
  • perl 5.19.11,
  • perl 5.19.2,
  • perl 5.19.3,
  • perl 5.19.4,
  • perl 5.19.5,
  • perl 5.19.6,
  • perl 5.19.7,
  • perl 5.19.8,
  • perl 5.19.9,
  • perl 5.20.0,
  • perl 5.20.1,
  • perl 5.20.2,
  • perl 5.20.3,
  • perl 5.21.0,
  • perl 5.21.1,
  • perl 5.21.10,
  • perl 5.21.11,
  • perl 5.21.2,
  • perl 5.21.3,
  • perl 5.21.4,
  • perl 5.21.5,
  • perl 5.21.6,
  • perl 5.21.7,
  • perl 5.21.8,
  • perl 5.21.9,
  • perl 5.22.0,
  • perl 5.22.1,
  • perl 5.22.2,
  • perl 5.22.3,
  • perl 5.24.0,
  • perl 5.24.1,
  • perl 5.6,
  • perl 5.6.0,
  • perl 5.6.1,
  • perl 5.6.2,
  • perl 5.7.3,
  • perl 5.8,
  • perl 5.8.0,
  • perl 5.8.1,
  • perl 5.8.2,
  • perl 5.8.3,
  • perl 5.8.4,
  • perl 5.8.5,
  • perl 5.8.6,
  • perl 5.8.7,
  • perl 5.8.8,
  • perl 5.8.9,
  • perl 5.9.0,
  • perl 5.9.1,
  • perl 5.9.2,
  • perl 5.9.3,
  • perl 5.9.4,
  • perl 5.9.5,
  • spamassassin
