The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Hyperlink | Source | Resource |
|---|---|---|
| http://seclists.org/oss-sec/2014/q1/56 | secalert@redhat.com | N/A |
| http://seclists.org/oss-sec/2014/q1/62 | secalert@redhat.com | N/A |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789 | secalert@redhat.com | N/A |
| https://bugzilla.redhat.com/show_bug.cgi?id=1030572 | secalert@redhat.com | N/A |
| https://bugzilla.redhat.com/show_bug.cgi?id=1051108 | secalert@redhat.com | N/A |
| https://rt.cpan.org/Public/Bug/Display.html?id=90474 | secalert@redhat.com | Patch |
| http://seclists.org/oss-sec/2014/q1/56 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://seclists.org/oss-sec/2014/q1/62 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://bugzilla.redhat.com/show_bug.cgi?id=1030572 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://bugzilla.redhat.com/show_bug.cgi?id=1051108 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://rt.cpan.org/Public/Bug/Display.html?id=90474 | af854a3a-2127-422b-91ae-364da2661108 | Patch |