CVE-2016-2381

Опубликовано: 08 апр. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

Ссылки

http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html
Mailing List
Third Party Advisory
http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
Vendor Advisory
http://www.debian.org/security/2016/dsa-3501
Third Party Advisory
http://www.gossamer-threads.com/lists/perl/porters/326387
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Third Party Advisory
http://www.securityfocus.com/bid/83802
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2916-1
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
Third Party Advisory
https://security.gentoo.org/glsa/201701-75
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html
Mailing List
Third Party Advisory
http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
Vendor Advisory
http://www.debian.org/security/2016/dsa-3501
Third Party Advisory
http://www.gossamer-threads.com/lists/perl/porters/326387
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*

Версия до 5.23.9 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:configuration_manager:*:*:*:*:*:*:*:*

Версия до 12.1.2.0.4 (исключая)

cpe:2.3:a:oracle:configuration_manager:12.1.2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*

cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*

Версия до 18.1.2.1.0 (исключая)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19468

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2016-2381

CVSS3: 7.5

ubuntu

почти 10 лет назад

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2016-2381

redhat

почти 10 лет назад

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2016-2381

CVSS3: 7.5

debian

почти 10 лет назад

Perl might allow context-dependent attackers to bypass the taint prote ...

GHSA-mmf9-wh8f-2qv3

CVSS3: 7.5

github

больше 3 лет назад

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

openSUSE-SU-2016:2313-1

suse-cvrf

больше 9 лет назад

Security update for perl

EPSS

Процентиль: 95%

0.19468

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20