[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution
bugzilla at redhat.com
bugzilla at redhat.com
Fri May 30 10:55:18 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1051108
Tomas Hoger <thoger at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|high |medium
Whiteboard|impact=important,public=201 |impact=moderate,public=2013
|31114,reported=20140109,sou |1114,reported=20140109,sour
|rce=oss-sec,cvss2=6.8/AV:N/ |ce=redhat,cvss2=5.1/AV:N/AC
|AC:M/Au:N/C:P/I:P/A:P,rhel- |:H/Au:N/C:P/I:P/A:P,rhel-7/
|7/perl-PlRPC=affected,rhscl |perl-PlRPC=affected,rhscl-1
|-1/perl516-perl-PlRPC=affec |/perl516-perl-PlRPC=affecte
|ted,fedora-all/perl-PlRPC=a |d,fedora-all/perl-PlRPC=aff
|ffected |ected
Flags|needinfo?(ratulg at redhat.com |
|) |
Severity|high |medium
--- Comment #8 from Tomas Hoger <thoger at redhat.com> ---
(In reply to Tomas Hoger from comment #5)
> The only package shipped in Red Hat Software Collections 1 and Red Hat
> Enterprise Linux 7 Beta is perl-DBI with DBI::Proxy / DBI::ProxyServer
> modules. Those modules are not used by any other package shipped as part of
> those products.
Search through Debian archive (using http://codesearch.debian.net/) also fails
to find any user of PlRPC or DBI::Proxy*. Reducing impact rating based on the
fact that this module does not seem to be used by any real world application.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=AocoGyyrcQ&a=cc_unsubscribe
More information about the perl-devel
mailing list