CVE-2015-3409

Published: May 19, 2015Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

Affected (5)

Products: Module Signature Project: Module Signature · Canonical: Ubuntu Linux

Module Signature Project

1 product

Module Signature

Canonical

1 product

Ubuntu Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Module Signature Project Module Signature	Up to 0.74

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10
Canonical Ubuntu Linux	Version 15.04

References (14)

http://ubuntu.com/usn/usn-2607-1

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3261

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/04/07/1

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/04/23/17

Source: cve@mitre.org

http://www.securityfocus.com/bid/73937

Source: cve@mitre.org

https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef

Source: cve@mitre.org

https://metacpan.org/changes/distribution/Module-Signature

Source: cve@mitre.org

http://ubuntu.com/usn/usn-2607-1