UBUNTU-CVE-2011-10007

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep() encounters a crafted filename. A file handle is opened with the 2 argument form of open() allowing an attacker controlled filename to provide the MODE parameter to open(), turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)

References

Affected packages

Ubuntu:Pro:16.04:LTS / libfile-find-rule-perl

Package

Name: libfile-find-rule-perl
Purl: pkg:deb/ubuntu/libfile-find-rule-perl@0.34-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.33-1

0.34-1

Ubuntu:Pro:18.04:LTS / libfile-find-rule-perl

Package

Name: libfile-find-rule-perl
Purl: pkg:deb/ubuntu/libfile-find-rule-perl@0.34-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.34-1

Ubuntu:Pro:20.04:LTS / libfile-find-rule-perl

Package

Name: libfile-find-rule-perl
Purl: pkg:deb/ubuntu/libfile-find-rule-perl@0.34-1?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.34-1

Ubuntu:22.04:LTS / libfile-find-rule-perl

Package

Name: libfile-find-rule-perl
Purl: pkg:deb/ubuntu/libfile-find-rule-perl@0.34-1ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.34-1ubuntu0.22.04.1

Affected versions

0.*

0.34-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libfile-find-rule-perl",
            "binary_version": "0.34-1ubuntu0.22.04.1"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:24.10 / libfile-find-rule-perl

Package

Name: libfile-find-rule-perl
Purl: pkg:deb/ubuntu/libfile-find-rule-perl@0.34-3ubuntu0.24.10.1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.34-3ubuntu0.24.10.1

Affected versions

0.*

0.34-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libfile-find-rule-perl",
            "binary_version": "0.34-3ubuntu0.24.10.1"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:24.04:LTS / libfile-find-rule-perl

Package

Name: libfile-find-rule-perl
Purl: pkg:deb/ubuntu/libfile-find-rule-perl@0.34-3ubuntu0.24.04.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.34-3ubuntu0.24.04.1

Affected versions

0.*

0.34-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libfile-find-rule-perl",
            "binary_version": "0.34-3ubuntu0.24.04.1"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:25.04 / libfile-find-rule-perl

Package

Name: libfile-find-rule-perl
Purl: pkg:deb/ubuntu/libfile-find-rule-perl@0.34-3ubuntu0.25.04.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.34-3ubuntu0.25.04.1

Affected versions

0.*

0.34-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libfile-find-rule-perl",
            "binary_version": "0.34-3ubuntu0.25.04.1"
        }
    ],
    "availability": "No subscription required"
}