Lucene search

[email protected]CVE-2015-3409

HistoryMay 19, 2015 - 6:59 p.m.

CVE-2015-3409

2015-05-1918:59:06

[email protected]

web.nvd.nist.gov

cve-2015-3409

untrusted search path vulnerability

module::signature

privilege escalation

trojan horse

module

nvd

7.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

Affected configurations

NVD

Node

module-signature_projectmodule-signatureRange≤0.74

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

CPENameOperatorVersion
module-signature_project:module-signaturemodule-signature project module-signaturele0.74

CPE	Name	Operator	Version
module-signature_project:module-signature	module-signature project module-signature	le	0.74

References

ubuntu.com/usn/usn-2607-1

www.debian.org/security/2015/dsa-3261

www.openwall.com/lists/oss-security/2015/04/07/1

www.openwall.com/lists/oss-security/2015/04/23/17

www.securityfocus.com/bid/73937

github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef

metacpan.org/changes/distribution/Module-Signature

7.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-3409

debiancve1 cvelist1 ubuntucve1 prion1 nvd1 securityvulns2 openvas4 debian5 osv2 nessus6 ubuntu1