Vulnerability Details : CVE-2015-3409
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
Exploit prediction scoring system (EPSS) score for CVE-2015-3409
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-3409
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2015-3409
-
http://ubuntu.com/usn/usn-2607-1
USN-2607-1: Module::Signature vulnerabilities | Ubuntu security notices
-
http://www.securityfocus.com/bid/73937
Module::Signature 'Signature.pm' Security Bypass Vulnerability
-
http://www.openwall.com/lists/oss-security/2015/04/23/17
oss-security - Re: CVE request: Module::Signature before 0.75 - multiple vulnerabilities
-
https://metacpan.org/changes/distribution/Module-Signature
Changes - metacpan.org
-
https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
* Avoid loading modules from relative paths in @INC for Text::Diff etc. · audreyt/module-signature@c41e888 · GitHub
-
http://www.debian.org/security/2015/dsa-3261
Debian -- Security Information -- DSA-3261-1 libmodule-signature-perl
-
http://www.openwall.com/lists/oss-security/2015/04/07/1
oss-security - CVE request: Module::Signature before 0.75 - multiple vulnerabilities
Products affected by CVE-2015-3409
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:a:module-signature_project:module-signature:*:*:*:*:*:*:*:*