NVD

Id
38244  
Name
CVE-2013-2145  
Description
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.  
Reject
 
CVSS Version
2  
CVSS Score
4.4  
Severity
Medium  
CVSS Base Score
4.4  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-08-19  
Modified Date
2013-10-07  
Seq
2013-2145  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
195558 38244 CVE-2013-2145 openSUSE-SU-2013:1178  View
195559 38244 CVE-2013-2145 openSUSE-SU-2013:1185  View
195560 38244 CVE-2013-2145 [oss-security] 20130605 CVE-2013-2145: perl Module::Signature code execution vulnerability  View
195561 38244 CVE-2013-2145 60352  View
195562 38244 CVE-2013-2145 USN-1896-1  View
195563 38244 CVE-2013-2145 https://bugzilla.redhat.com/show_bug.cgi?id=971096  View
195564 38244 CVE-2013-2145 https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2  View
195565 38244 CVE-2013-2145 https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
22220 JVNDB-2013-003795 Perl 用 Module::Signature モジュールの cpansign 検証機能における署名チェックを回避される脆弱性 Perl 用 Module::Signature モジュールの cpansign 検証機能には、署名チェックを回避され、任意のコードを実行される脆弱性が存在します。 CVE-2013-2145 62087 CVE-2013-2145 38244 4.4 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-003795.html 2013-06-04 2013-08-21 View