Skip to content
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.

perl vulnerability CVE-2016-1238 #13

Open
ipuustin opened this issue Sep 6, 2016 · 1 comment
Open

perl vulnerability CVE-2016-1238 #13

ipuustin opened this issue Sep 6, 2016 · 1 comment

Comments

@ipuustin
Copy link
Contributor

ipuustin commented Sep 6, 2016

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1238 reported by cve-checker.

@ipuustin
Copy link
Contributor Author

ipuustin commented Sep 7, 2016

The CVSS base score is 7.3 -- high. The attack works by getting a script with elevated privileges to be run so that the working directory contains a malicious perl module. In a non-interactive system, this is difficult to accomplish, and would require practically root user to manually run scripts in vulnerable directories. The resulting modified CVSS score is 5.8 -- medium.

https://nvd.nist.gov/cvss/v3-calculator?vector=AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C/CR:X/IR:X/AR:X/MAV:L/MAC:X/MPR:L/MUI:R/MS:X/MC:X/MI:X/MA:X

ipuustin pushed a commit to ipuustin/ostro-os-xt that referenced this issue Sep 16, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants