CVE-2014-10402

CVE-2014-10402

Name

CVE-2014-10402

Description

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590

Type

URI

Exploit

https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:perl:dbi::::::::`	dbi	>= None	<= 1.643

CPE URI

Source package

Min version

Max version

cpe:2.3:a:perl:dbi:*:*:*:*:*:*:*:*

dbi

>= None

<= 1.643

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
perl-dbi	edge-main	1.643-r0	None	fixed
perl-dbi	3.22-main	1.643-r0	None	fixed
perl-dbi	3.21-main	1.643-r0	None	fixed
perl-dbi	3.20-main	1.643-r0	None	fixed
perl-dbi	3.19-main	1.643-r0	None	fixed
perl-dbi	3.18-main	1.643-r0	None	fixed
perl-dbi	3.17-main	1.643-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

perl-dbi

edge-main

1.643-r0

None

fixed

perl-dbi

3.22-main