NVD Vulnerability Detail

CVE-2017-0373

Summary	The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.
Publication Date	May 24, 2017, 3:29 a.m.
Registration Date	Jan. 26, 2021, 1:10 p.m.
Last Update	Nov. 21, 2024, 12:02 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:config-model_project:config-model::::::::			2.101

Related information, measures and tools

No	URL	タグ
1	http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes	Release Notes
2	http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes	Release Notes
3	https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773	Patch
4	https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773	Patch
5	https://security-tracker.debian.org/tracker/CVE-2017-0373	Third Party Advisory
6	https://security-tracker.debian.org/tracker/CVE-2017-0373	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

Config-Model の lib/Config/Model/Utils/GenClassPod.pm の gen_class_pod implementation における脆弱性

Title	Config-Model の lib/Config/Model/Utils/GenClassPod.pm の gen_class_pod implementation における脆弱性
Summary	Config-Model (旧 libconfig-model-perl) の lib/Config/Model/Utils/GenClassPod.pm の gen_class_pod implementation は、危険な use lib 行を持つため、不特定の影響を受ける脆弱性が存在します。
Possible impacts	リモートの攻撃者により、巧妙に細工された Debian パッケージファイルを介して、不特定の影響を受ける可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 14, 2017, midnight
Registration Date	June 28, 2017, 7:23 p.m.
Last Update	June 28, 2017, 7:23 p.m.

Affected System

Config-Model project

Config-Model 2.102 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-0373	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0373
National Vulnerability Database (NVD)
2	CVE-2017-0373	https://nvd.nist.gov/vuln/detail/CVE-2017-0373
Security Bug Tracker
3	CVE-2017-0373	https://security-tracker.debian.org/tracker/CVE-2017-0373

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Alioth
1	add patch to remove 'use lib'	https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773
CPAN
2	genclasspod: remove use lib	http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes

Change Log

No	Changed Details	Date of change
0	[2017年06月28日] 掲載	Feb. 17, 2018, 10:37 a.m.