CVE-2016-2381
Gentoo Linux Security Advisory 201701-75
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Perl podría permitir a atacantes dependientes de contexto eludir los mecanismos de protección taint en un proceso hijo a través de variables de entorno duplicadas en envp.
Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint security mechanism would be applied to the value in %ENV, but not to the other rest of the environment. This could result in an ambiguous environment causing environment variables to be propagated to subprocesses, despite the protections supposedly offered by taint checking.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-02-13 CVE Reserved
- 2016-03-02 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.gossamer-threads.com/lists/perl/porters/326387 | Mailing List | |
| http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | Third Party Advisory |
|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/83802 | Third Party Advisory | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | Third Party Advisory | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html | 2020-09-10 | |
| http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 | 2020-09-10 | |
| http://www.debian.org/security/2016/dsa-3501 | 2020-09-10 | |
| http://www.ubuntu.com/usn/USN-2916-1 | 2020-09-10 | |
| https://security.gentoo.org/glsa/201701-75 | 2020-09-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | < 5.23.9 Search vendor "Perl" for product "Perl" and version " < 5.23.9" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Billing And Revenue Management Search vendor "Oracle" for product "Communications Billing And Revenue Management" | 7.5 Search vendor "Oracle" for product "Communications Billing And Revenue Management" and version "7.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Configuration Manager Search vendor "Oracle" for product "Configuration Manager" | < 12.1.2.0.4 Search vendor "Oracle" for product "Configuration Manager" and version " < 12.1.2.0.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Configuration Manager Search vendor "Oracle" for product "Configuration Manager" | 12.1.2.0.6 Search vendor "Oracle" for product "Configuration Manager" and version "12.1.2.0.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 11.2.0.4 Search vendor "Oracle" for product "Database Server" and version "11.2.0.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 12.1.0.2 Search vendor "Oracle" for product "Database Server" and version "12.1.0.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 12.2.0.1 Search vendor "Oracle" for product "Database Server" and version "12.2.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 18c Search vendor "Oracle" for product "Database Server" and version "18c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 19c Search vendor "Oracle" for product "Database Server" and version "19c" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform" | 13.2.0.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.2.0.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform" | 13.3.0.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.3.0.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Timesten In-memory Database Search vendor "Oracle" for product "Timesten In-memory Database" | < 18.1.2.1.0 Search vendor "Oracle" for product "Timesten In-memory Database" and version " < 18.1.2.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | 11.3 Search vendor "Oracle" for product "Solaris" and version "11.3" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||