CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-06-02 07:51:39 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8d2c06ff530a083f63fcb31be741f7cf4e4a8d28
CVEs-PoC/2011/CVE-2011-10007.md
T
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

19 lines
1.2 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
### [CVE-2011-10007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-10007)
![](https://img.shields.io/static/v1?label=Product&message=File%3A%3AFind%3A%3ARule&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brightgreen)
### Description
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.Example:$ mkdir /tmp/poc; echo > "/tmp/poc/|id"$ perl -MFile::Find::Rule \    -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'uid=1000(user) gid=1000(user) groups=1000(user),100(users)
### POC
#### Reference
- http://www.openwall.com/lists/oss-security/2025/06/05/4
- https://github.com/richardc/perl-file-find-rule/pull/4
#### Github
- https://github.com/w4zu/Debian_security
Reference in New Issue View Git Blame Copy Permalink