Vulnerability identifier: #VU114
Vulnerability risk: High
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-141
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Perl
Category: Universal components / Libraries / Scripting languages
Vendor: Perl
Description
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to an access control error in Perl. A local user can load arbitrary code from the current working directory by supplying specially crafted data to the XSLoader component.
Successful exploitation of this vulnerability may result in execution of arbitrary code.
Mitigation
The vendor has issued a source code fix, available at:
http://perl5.git.perl.org/perl.git/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee
Vulnerable software versions
Perl: 5.22.2-1
External links
http://perl5.git.perl.org/perl.git/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.