QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2145

Published: Aug 19, 2013

Modified: Sep 16, 2024

PUBLISHED

Description

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2013:1185

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

openSUSE-SU-2013:1178

vendor-advisory

x_refsource_SUSE

[oss-security] 20130605 CVE-2013-2145: perl Module::Signature code execution vulnerability

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=971096

x_refsource_MISC

https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.