Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-6185 |
CWE-ID | CWE-141 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Perl Universal components / Libraries / Scripting languages |
Vendor | Perl |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU114
Risk: High
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6185
CWE-ID: CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Exploit availability: No
Description
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to an access control error in Perl. A local user can load arbitrary code from the current working directory by supplying specially crafted data to the XSLoader component.
Successful exploitation of this vulnerability may result in execution of arbitrary code.
The vendor has issued a source code fix, available at:
http://perl5.git.perl.org/perl.git/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee
Perl: 5.22.2-1
External links
http://perl5.git.perl.org/perl.git/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.