SB2017101067 - Privilege Escalation in perl (Alpine package)
Published: October 10, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Privilege Escalation (CVE-ID: CVE-2016-1238)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to improper input validation. By sending and tricking the victim to load a specially crafted code a malicious user can cause arbitrary code execution that allows them to gain root privileges.
Successful exploitation of this vulnerability will result in arbitrary code execution that allows a local attacker to get elevated privilegs on the vulnerable system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=414d938b62bf425063a54567a1736a0d2fb76c8f
- https://git.alpinelinux.org/aports/commit/?id=d41a153ca51fae77177652bcf56edc463802bab3
- https://git.alpinelinux.org/aports/commit/?id=920c66f72c3e2cc23d7aed42e9ffa0d3a355494d
- https://git.alpinelinux.org/aports/commit/?id=baee0facb0bff1fa120bd6c9b7b0454af79a3f04
- https://git.alpinelinux.org/aports/commit/?id=4038e91416abe5bb2a7a09fe108146f5d55bbdaa
- https://git.alpinelinux.org/aports/commit/?id=bbc6185fa840cf1ceda1ac42aeae5bef8eb65357
- https://git.alpinelinux.org/aports/commit/?id=cd0cf727fceef7bea9e79276c4511ec704e6143b