CVE-2013-2145

Published: 6 June 2013

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.

Priority

Medium

Status

Package: libmodule-signature-perl (Launchpad, Ubuntu, Debian)

Release     Status
lucid       Ignored (reached end-of-life)
precise     Released (0.68-1ubuntu0.12.04.1)
quantal     Released (0.68-1ubuntu0.12.10.1)
raring      Released (0.68-1ubuntu0.13.04.1)
upstream    Released (0.72)

Patches:
upstream: https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2 (pt1)
upstream: https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896 (pt2)
upstream: https://github.com/audreyt/module-signature/commit/8ff56de7668ff60fbc1afe5b965a3c865662dd24 (pt3)