CVE-2015-3409

Upstream information

CVE-2015-3409 at MITRE

Description

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Local
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 928382 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2016:0163-1, published Tue, 19 Jan 2016 12:13:18 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`perl-Module-Signature >= 0.81-1.1`	Patchnames: openSUSE Tumbleweed GA perl-Module-Signature-0.81-1.1

SUSE Timeline for this CVE

CVE page created: Thu Apr 23 15:16:41 2015
CVE page last modified: Fri Jun 30 17:23:09 2023

CVE-2015-3409

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

SUSE Security Advisories:

List of released packages

SUSE Timeline for this CVE

Business-Critical Linux

Enterprise Container Management

Edge

Soluções

Industries

Ofertas de suporte

Serviços globais da SUSE

Recursos de suporte

Parceiros

Communities

Sobre