118 matches found
Design/Logic Flaw
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module...
Sql injection
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...
Design/Logic Flaw
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files...
CVE-2015-3407
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files...
CVE-2015-3408
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...
CVE-2015-3409
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module...
CVE-2015-3407
CVE-2015-3407 affects Module::Signature for Perl; root cause is improper handling that allows bypassing signature verification when a SIGNATURE file omits listed files. The issue is widely referenced in multiple advisories and is addressed by upgrading Module::Signature to a fixed version (e.g., ...
CVE-2015-3409
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module...
CVE-2015-3408
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...
CVE-2015-3409
Module::Signature prior to 0.75 is vulnerable to an untrusted search path, enabling local privilege escalation by placing a Trojan horse module in the current working directory. The issue stems from loading modules from relative paths in @INC during signature verification, leading to arbitrary co...
Ubuntu 14.04 LTS : Module::Signature vulnerabilities (USN-2607-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2607-1 advisory. John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick...
USN-2607-1 libmodule-signature-perl vulnerabilities
John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. CVE-2015-3406 John Lightsey discovered that...
USN-2607-1: Module::Signature vulnerabilities
John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. CVE-2015-3406 John Lightsey discovered that...
perl-Module-Signature content spoofing
Unsigned content can be interpreted as a signed...
Unspecified Arbitrary Module Loading Vulnerability in Module::Signature Module for Perl
Perl is a programming language. An unspecified security vulnerability in Module::Signature Module for Perl could be exploited by remote attackers to load arbitrary modules...
Unspecified Arbitrary Code Execution Vulnerability in Module::Signature Module for Perl
Perl is a programming language. An unspecified security vulnerability in Module::Signature Module for Perl could be exploited by remote attackers to execute arbitrary code...
Unspecified File Handling Signature Vulnerability in Module::Signature Module for Perl
Perl is a programming language. An unspecified security vulnerability exists in Module::Signature Module for Perl related to Test Phase, which could be exploited by a remote attacker to process an unsigned file as a signed file...
Unspecified Arbitrary Code Execution Vulnerability in Module::Signature Module for Perl Test Phase
Perl is a programming language. An unspecified security vulnerability exists in Module::Signature Module for Perl related Test Phase, which could be exploited by remote attackers to execute arbitrary code...
[ MDVSA-2015:207 ] perl-Module-Signature
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:207 http://www.mandriva.com/en/support/security/ Package : perl-Module-Signature Date : April 27, 2015 Affected: Business Server 1.0 Problem Description: Updated perl-Module-Signature package fixes the...
Mandriva Linux Security Advisory : perl-Module-Signature (MDVSA-2015:207)
Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey : Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying...