https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Bug ID: 1354386 Summary: CVE-2016-6185 perl: XSLoader loads relative paths not included in @INC Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: amaris@redhat.com CC: cweyl@alumni.drew.edu, hhorak@redhat.com, iarnell@gmail.com, jorton@redhat.com, jplesnik@redhat.com, kasal@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-list@redhat.com, ppisar@redhat.com, psabata@redhat.com, rc040203@freenet.de, rmeggins@redhat.com, tcallawa@redhat.com
An arbitrary code execution can be achieved if loading code from untrusted current working directory despite the '.' is removed from @INC. Vulnerability is in XSLoader that uses caller() information to locate .so file to load. If malicious attacker creates directory named `(eval 1)` with malicious binary file in it, it will be loaded if the package calling XSLoader is in parent directory.
CVE assignment:
http://seclists.org/oss-sec/2016/q3/28
Upstream bug:
https://rt.cpan.org/Public/Bug/Display.html?id=115808
Upstream patch:
http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1354387
--- Comment #1 from Adam Mariš amaris@redhat.com ---
Created perl tracking bugs for this issue:
Affects: fedora-all [bug 1354387]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1354387 [Bug 1354387] CVE-2016-6185 perl: XSLoader loads relative paths not included in @INC [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1354390
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1353238
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1353238 [Bug 1353238] Please update XSLoader to 0.22
https://bugzilla.redhat.com/show_bug.cgi?id=1354386 Bug 1354386 depends on bug 1354387, which changed state.
Bug 1354387 Summary: CVE-2016-6185 perl: XSLoader loads relative paths not included in @INC [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1354387
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Adam Mariš amaris@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=affected,rhel-6/perl= |/perl=new,rhel-6/perl=new,r |affected,rhel-7/perl=affect |hel-7/perl=new,rhscl-2/rh-p |ed,rhscl-2/rh-perl520=affec |erl520=new,rhscl-2/perl516= |ted,rhscl-2/perl516=affecte |new,directory_server_8/perl |d,directory_server_8/perl=a |=new,fedora-all/perl=notaff |ffected,fedora-all/perl=aff |ected |ected |
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
--- Comment #2 from Fedora Update System updates@fedoraproject.org --- perl-5.20.3-332.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1354386 Bug 1354386 depends on bug 1353238, which changed state.
Bug 1353238 Summary: Please update XSLoader to 0.22 https://bugzilla.redhat.com/show_bug.cgi?id=1353238
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
--- Comment #3 from Fedora Update System updates@fedoraproject.org --- perl-5.22.2-361.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
--- Comment #4 from Fedora Update System updates@fedoraproject.org --- perl-5.22.2-353.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=new,rhel-6/perl=new,r |/perl=new,rhel-6/perl=new,r |hel-7/perl=new,rhscl-2/rh-p |hel-7/perl=new,rhscl-2/rh-p |erl520=new,rhscl-2/perl516= |erl520-perl=new,rhscl-2/per |new,directory_server_8/perl |l516=new,directory_server_8 |=new,fedora-all/perl=notaff |/perl=new,fedora-all/perl=n |ected |otaffected
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=new,rhel-6/perl=new,r |/perl=new,rhel-6/perl=new,r |hel-7/perl=new,rhscl-2/rh-p |hel-7/perl=new,rhscl-2/rh-p |erl520-perl=new,rhscl-2/per |erl520-perl=new,rhscl-2/per |l516=new,directory_server_8 |l516-perl=new,directory_ser |/perl=new,fedora-all/perl=n |ver_8/perl=new,fedora-all/p |otaffected |erl=notaffected,rhscl-2/rh- | |perl524-perl=new
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=new,rhel-6/perl=new,r |/perl=new,rhel-6/perl=new,r |hel-7/perl=new,rhscl-2/rh-p |hel-7/perl=new,rhscl-2/rh-p |erl520-perl=new,rhscl-2/per |erl520-perl=new,rhscl-2/per |l516-perl=new,directory_ser |l516-perl=new,fedora-all/pe |ver_8/perl=new,fedora-all/p |rl=notaffected,rhscl-2/rh-p |erl=notaffected,rhscl-2/rh- |erl524-perl=new |perl524-perl=new |
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=new,rhel-6/perl=new,r |/perl=new,rhel-6/perl=wontf |hel-7/perl=new,rhscl-2/rh-p |ix,rhel-7/perl=wontfix,rhsc |erl520-perl=new,rhscl-2/per |l-2/rh-perl520-perl=new,rhs |l516-perl=new,fedora-all/pe |cl-2/perl516-perl=new,fedor |rl=notaffected,rhscl-2/rh-p |a-all/perl=notaffected,rhsc |erl524-perl=new |l-2/rh-perl524-perl=new
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
--- Comment #6 from Cedric Buissart cbuissar@redhat.com --- However, RHSCL is affect : rh-perl520-perl-List-MoreUtils
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |cbuissar@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=new,rhel-6/perl=wontf |/perl=wontfix,rhel-6/perl=w |ix,rhel-7/perl=wontfix,rhsc |ontfix,rhel-7/perl=wontfix, |l-2/rh-perl520-perl=new,rhs |rhscl-2/rh-perl520-perl=new |cl-2/perl516-perl=new,fedor |,rhscl-2/perl516-perl=new,f |a-all/perl=notaffected,rhsc |edora-all/perl=notaffected, |l-2/rh-perl524-perl=new |rhscl-2/rh-perl524-perl=new
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version| |perl 5.25.10 Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.8/CVSS:3.0/AV:L/AC:L/PR:N/ |.3/CVSS:3.0/AV:L/AC:L/PR:L/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=wontfix,rhel-6/perl=w |/perl=wontfix,rhel-6/perl=w |ontfix,rhel-7/perl=wontfix, |ontfix,rhel-7/perl=wontfix, |rhscl-2/rh-perl520-perl=new |rhscl-2/rh-perl520-perl=new |,rhscl-2/perl516-perl=new,f |,rhscl-2/perl516-perl=new,f |edora-all/perl=notaffected, |edora-all/perl=notaffected, |rhscl-2/rh-perl524-perl=new |rhscl-2/rh-perl524-perl=new
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.3/CVSS:3.0/AV:L/AC:L/PR:L/ |.3/CVSS:3.0/AV:L/AC:L/PR:L/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=wontfix,rhel-6/perl=w |/perl=wontfix,rhel-6/perl=w |ontfix,rhel-7/perl=wontfix, |ontfix,rhel-7/perl=wontfix, |rhscl-2/rh-perl520-perl=new |rhscl-2/rh-perl520-perl=aff |,rhscl-2/perl516-perl=new,f |ected,rhscl-2/perl516-perl= |edora-all/perl=notaffected, |new,fedora-all/perl=notaffe |rhscl-2/rh-perl524-perl=new |cted,rhscl-2/rh-perl524-per | |l=new
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|perl 5.25.10 |perl 5.25.3
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.3/CVSS:3.0/AV:L/AC:L/PR:L/ |.3/CVSS:3.0/AV:L/AC:L/PR:L/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=wontfix,rhel-6/perl=w |/perl=wontfix,rhel-6/perl=w |ontfix,rhel-7/perl=wontfix, |ontfix,rhel-7/perl=wontfix, |rhscl-2/rh-perl520-perl=aff |rhscl-2/rh-perl520-perl=aff |ected,rhscl-2/perl516-perl= |ected,fedora-all/perl=notaf |new,fedora-all/perl=notaffe |fected,rhscl-2/rh-perl524-p |cted,rhscl-2/rh-perl524-per |erl=new |l=new |
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.3/CVSS:3.0/AV:L/AC:L/PR:L/ |.3/CVSS:3.0/AV:L/AC:L/PR:L/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=wontfix,rhel-6/perl=w |/perl=wontfix,rhel-6/perl=w |ontfix,rhel-7/perl=wontfix, |ontfix,rhel-7/perl=wontfix, |rhscl-2/rh-perl520-perl=aff |rhscl-2/rh-perl520-perl=aff |ected,fedora-all/perl=notaf |ected,fedora-all/perl=notaf |fected,rhscl-2/rh-perl524-p |fected,rhscl-2/rh-perl524-p |erl=new |erl=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX Last Closed| |2017-08-04 07:29:43
https://bugzilla.redhat.com/show_bug.cgi?id=1354386
Cedric Buissart cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0630,reported=20160630,sour |0630,reported=20160630,sour |ce=debian,cvss2=6.8/AV:N/AC |ce=debian,cvss2=6.8/AV:N/AC |:M/Au:N/C:P/I:P/A:P,cvss3=7 |:M/Au:N/C:P/I:P/A:P,cvss3=7 |.3/CVSS:3.0/AV:L/AC:L/PR:L/ |.3/CVSS:3.0/AV:L/AC:L/PR:L/ |UI:R/S:U/C:H/I:H/A:H,rhel-5 |UI:R/S:U/C:H/I:H/A:H,rhel-5 |/perl=wontfix,rhel-6/perl=w |/perl=wontfix,rhel-6/perl=w |ontfix,rhel-7/perl=wontfix, |ontfix,rhel-7/perl=wontfix, |rhscl-2/rh-perl520-perl=aff |rhscl-2/rh-perl520-perl=won |ected,fedora-all/perl=notaf |tfix,fedora-all/perl=notaff |fected,rhscl-2/rh-perl524-p |ected,rhscl-2/rh-perl524-pe |erl=affected |rl=wontfix
perl-devel@lists.fedoraproject.org