CVE-2013-2145
Published: 6 June 2013
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.
Priority
Status
Package | Release | Status |
---|---|---|
libmodule-signature-perl Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(0.68-1ubuntu0.12.04.1)
|
|
quantal |
Released
(0.68-1ubuntu0.12.10.1)
|
|
raring |
Released
(0.68-1ubuntu0.13.04.1)
|
|
upstream |
Released
(0.72)
|
|
Patches: upstream: https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2 (pt1) upstream: https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896 (pt2) upstream: https://github.com/audreyt/module-signature/commit/8ff56de7668ff60fbc1afe5b965a3c865662dd24 (pt3) |