Perl 本地提权漏洞 CVE-2016-1238 CNNVD-201607-1011
Perl是美国程序员拉里-沃尔(Larry Wall)所研发的一种免费且功能强大的跨平台编程语言。 Perl 5.22.3-RC2之前的5.x版本和5.24.1-RC2之前的5.24版本中的多个文件存在安全漏洞,该漏洞源于程序从目录数组末尾错误删除‘。’字符。本地攻击者可借助当前工作的目录下的木马模块利用该漏洞获取权限。多个文件包括:(1)cpan/Archive-Tar/bin/ptar,(2)cpan/Archive-Tar/bin/ptardiff,(3)cpan/Archive-Tar/bin/ptargrep,(4)cpan/CPAN/scripts/cpan,(5)cpan/Digest-SHA/shasum,(6)cpan/Encode/bin/enc2xs, (7)cpan/Encode/bin/encguess,(8)cpan/Encode/bin/piconv,(9)cpan/Encode/bin/ucmlint,(10)cpan/Encode/bin/unidump,(11)cpan/ExtUtils-MakeMaker/bin/instmodsh,(12)cpan/IO-Compress/bin/zipdetails,(13)cpan/JSON-PP/bin/json_pp,(14)cpan/Test-Harness/bin/prove,(15)dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp,(16)dist/Module-CoreList/corelist,(17)ext/Pod-Html/bin/pod2html,(18) utils/c2ph.PL,(19)utils/h2ph.PL,(20)utils/h2xs.PL,(21)utils/libnetcfg.PL,(22)utils/perlbug.PL,(23)utils/perldoc.PL,(24)utils/perlivp.PL,(25)utils/splain.PL。
