The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 12.04 |
| opensuse | opensuse | 12.3 |
| perlmonks | module::signature | * |
| perlmonks | module::signature | 0.70 |
| canonical | ubuntu_linux | 13.04 |
| opensuse | opensuse | 12.2 |
| opensuse | opensuse | 11.4 |
| canonical | ubuntu_linux | 12.10 |
| perlmonks | module::signature | 0.71 |