#VU114 XSLoader relative path error in Perl - CVE-2016-6185
Published: July 11, 2016
Vulnerability identifier: #VU114
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6185
CWE-ID: CWE-141
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Perl
Software vendor:
Perl
Description
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to an access control error in Perl. A local user can load arbitrary code from the current working directory by supplying specially crafted data to the XSLoader component.
Successful exploitation of this vulnerability may result in execution of arbitrary code.
Remediation
The vendor has issued a source code fix, available at:
http://perl5.git.perl.org/perl.git/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee