Vulnerability Details : CVE-2013-7284
The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
Vulnerability category: Execute code
Products affected by CVE-2013-7284
- cpe:2.3:a:malcolm_nooning:pirpc:*:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2010:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2003:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2002:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2001:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2014:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2012:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2019:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2018:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2017:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2016:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2013:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2011:*:*:*:*:perl:*:*
- cpe:2.3:a:malcolm_nooning:pirpc:0.2000:*:*:*:*:perl:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-7284
- 1.75%: Probability of exploitation activity in the next 30 days
- ~ 81 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-7284
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2013-7284
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7284
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789
  #734789 - [CVE-2013-7284] Remote pre-authentication code execution in PlRPC - Debian Bug report logs
- https://bugzilla.redhat.com/show_bug.cgi?id=1051108
  1051108 – (CVE-2013-7284) CVE-2013-7284 perl-PlRPC: pre-auth remote code execution
- https://bugzilla.redhat.com/show_bug.cgi?id=1030572
  1030572 – perl-PlRPC: not secure across trust boundaries
- https://rt.cpan.org/Public/Bug/Display.html?id=90474
  Bug #90474 for PlRPC: Security notice on Storable and reply attack (Patch)
- http://seclists.org/oss-sec/2014/q1/62
  oss-sec: Re: PlRPC Perl module: pre-auth remote code execution, weak crypto
- http://seclists.org/oss-sec/2014/q1/56
  oss-sec: PlRPC Perl module: pre-auth remote code execution, weak crypto