CVE-2023-47039
Published: 25 November 2023
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.
Notes
| Author | Note |
|---|---|
Priority reason: Does not affect Ubuntu. |
|
| alexmurray | Only affects Perl on Windows, so Ubuntu is not affected (even when running via WSL as far as I can tell from the CVE description) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
perl Launchpad, Ubuntu, Debian |
bionic |
Ignored
(only affects Perl for Windows)
|
| focal |
Ignored
(only affects Perl for Windows)
|
|
| jammy |
Ignored
(only affects Perl for Windows)
|
|
| lunar |
Ignored
(end of life, was ignored [only affects Perl for Windows])
|
|
| mantic |
Ignored
(only affects Perl for Windows)
|
|
| trusty |
Ignored
(only affects Perl for Windows)
|
|
| upstream |
Ignored
(only affects Perl for Windows)
|
|
| xenial |
Ignored
(only affects Perl for Windows)
|
|
|
perl6 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(only affects Perl for Windows)
|
| focal |
Ignored
(only affects Perl for Windows)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Ignored
(only affects Perl for Windows)
|
|
| xenial |
Ignored
(end of standard support)
|
|
|
raku Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Ignored
(end of life, was ignored [only affects Perl for Windows])
|
|
| mantic |
Ignored
(only affects Perl for Windows)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Ignored
(only affects Perl for Windows)
|
|
| xenial |
Ignored
(end of standard support)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |