CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-3408

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.037

EPSS Ranking 87.3%

CVSS Severity

CVSS v2 Score 10.0

References

http://ubuntu.com/usn/usn-2607-1
http://www.debian.org/security/2015/dsa-3261
http://www.openwall.com/lists/oss-security/2015/04/07/1
http://www.openwall.com/lists/oss-security/2015/04/23/17
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
https://metacpan.org/changes/distribution/Module-Signature
http://ubuntu.com/usn/usn-2607-1
http://www.debian.org/security/2015/dsa-3261
http://www.openwall.com/lists/oss-security/2015/04/07/1
http://www.openwall.com/lists/oss-security/2015/04/23/17
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
https://metacpan.org/changes/distribution/Module-Signature

Products affected by CVE-2015-3408

Module-Signature Project » Module-Signature » Version: 0.73

cpe:2.3:a:module-signature_project:module-signature:0.73
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 14.10

cpe:2.3:o:canonical:ubuntu_linux:14.10
Canonical » Ubuntu Linux » Version: 15.04

cpe:2.3:o:canonical:ubuntu_linux:15.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-3408

Products

Pricing

Contact Us