FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p5-XSLoader -- local arbitrary code execution

Affected packages
		p5-XSLoader	<	0.22
		perl5	<	5.18.4_24
5.20	<=	perl5	<	5.20.3_15
5.21	<=	perl5	<	5.22.3.r2
5.23	<=	perl5	<	5.24.1.r2
5.25	<=	perl5	<	5.25.2.87
		perl5-devel	<	5.18.4_24
5.20	<=	perl5-devel	<	5.20.3_15
5.21	<=	perl5-devel	<	5.22.3.r2
5.23	<=	perl5-devel	<	5.24.1.r2
5.25	<=	perl5-devel	<	5.25.2.87
		perl5.18	<	5.18.4_24
5.20	<=	perl5.18	<	5.20.3_15
5.21	<=	perl5.18	<	5.22.3.r2
5.23	<=	perl5.18	<	5.24.1.r2
5.25	<=	perl5.18	<	5.25.2.87
		perl5.20	<	5.18.4_24
5.20	<=	perl5.20	<	5.20.3_15
5.21	<=	perl5.20	<	5.22.3.r2
5.23	<=	perl5.20	<	5.24.1.r2
5.25	<=	perl5.20	<	5.25.2.87
		perl5.22	<	5.18.4_24
5.20	<=	perl5.22	<	5.20.3_15
5.21	<=	perl5.22	<	5.22.3.r2
5.23	<=	perl5.22	<	5.24.1.r2
5.25	<=	perl5.22	<	5.25.2.87
		perl5.24	<	5.18.4_24
5.20	<=	perl5.24	<	5.20.3_15
5.21	<=	perl5.24	<	5.22.3.r2
5.23	<=	perl5.24	<	5.24.1.r2
5.25	<=	perl5.24	<	5.25.2.87
0	<=	perl

Details

VuXML ID	3e08047f-5a6c-11e6-a6c3-14dae9d210b8
Discovery	2016-06-30
Entry	2016-08-04
Modified	2016-08-22

Jakub Wilk reports:

XSLoader tries to load code from a subdirectory in the cwd when called inside a string eval

[source]

References

CVE Name	CVE-2016-6185
URL	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829578

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.