Privilege Escalation in perl (Alpine package)

1) Privilege Escalation

EUVDB-ID: #VU811

Risk: Medium

CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-1238

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to obtain elevated privileges on the target system.

The vulnerability exists due to improper input validation. By sending and tricking the victim to load a specially crafted code a malicious user can cause arbitrary code execution that allows them to gain root privileges.

Successful exploitation of this vulnerability will result in arbitrary code execution that allows a local attacker to get elevated privilegs on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

perl (Alpine package): 5.22.1-r0

CPE2.3

• cpe:2.3:a:alpine:perl_alpine_package:5.22.1-r0:*:*:*:*:alpine_linux:*:3.2

External links

https://git.alpinelinux.org/aports/commit/?id=414d938b62bf425063a54567a1736a0d2fb76c8f
https://git.alpinelinux.org/aports/commit/?id=d41a153ca51fae77177652bcf56edc463802bab3
https://git.alpinelinux.org/aports/commit/?id=920c66f72c3e2cc23d7aed42e9ffa0d3a355494d
https://git.alpinelinux.org/aports/commit/?id=baee0facb0bff1fa120bd6c9b7b0454af79a3f04
https://git.alpinelinux.org/aports/commit/?id=4038e91416abe5bb2a7a09fe108146f5d55bbdaa
https://git.alpinelinux.org/aports/commit/?id=bbc6185fa840cf1ceda1ac42aeae5bef8eb65357
https://git.alpinelinux.org/aports/commit/?id=cd0cf727fceef7bea9e79276c4511ec704e6143b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.