CVE-2016-6185
CVE-2016-6185
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/https://rt.cpan.org/Public/Bug/Display.html?id=115808https://security.gentoo.org/glsa/201701-75https://usn.ubuntu.com/3625-1/https://usn.ubuntu.com/3625-2/http://www.debian.org/security/2016/dsa-3628http://www.openwall.com/lists/oss-security/2016/07/07/1http://www.openwall.com/lists/oss-security/2016/07/08/5http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html