UBUNTU-CVE-2023-47039

Source
https://ubuntu.com/security/CVE-2023-47039
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-47039.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-47039
Related
Published
2023-11-25T17:00:00Z
Modified
2025-01-13T10:24:25Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.

References

Affected packages

Ubuntu:Pro:14.04:LTS / perl

Package

Name
perl
Purl
pkg:deb/ubuntu/perl@5.18.2-2ubuntu1.7+esm5?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.14.2-21build1
5.18.1-4
5.18.1-4build1
5.18.1-5
5.18.2-2
5.18.2-2ubuntu1
5.18.2-2ubuntu1.1
5.18.2-2ubuntu1.3
5.18.2-2ubuntu1.4
5.18.2-2ubuntu1.6
5.18.2-2ubuntu1.7
5.18.2-2ubuntu1.7+esm3
5.18.2-2ubuntu1.7+esm4
5.18.2-2ubuntu1.7+esm5

Ecosystem specific

{
    "ubuntu_priority": "negligible",
    "priority_reason": "Does not affect Ubuntu."
}

Ubuntu:Pro:16.04:LTS / perl

Package

Name
perl
Purl
pkg:deb/ubuntu/perl@5.22.1-9ubuntu0.9+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.20.2-6
5.22.1-3
5.22.1-4
5.22.1-5
5.22.1-7
5.22.1-8
5.22.1-9
5.22.1-9ubuntu0.2
5.22.1-9ubuntu0.3
5.22.1-9ubuntu0.5
5.22.1-9ubuntu0.6
5.22.1-9ubuntu0.9
5.22.1-9ubuntu0.9+esm1
5.22.1-9ubuntu0.9+esm2

Ecosystem specific

{
    "ubuntu_priority": "negligible",
    "priority_reason": "Does not affect Ubuntu."
}

Ubuntu:Pro:18.04:LTS / perl

Package

Name
perl
Purl
pkg:deb/ubuntu/perl@5.26.1-6ubuntu0.7?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.26.0-8ubuntu1
5.26.1-2ubuntu1
5.26.1-3
5.26.1-4
5.26.1-4build1
5.26.1-5
5.26.1-6
5.26.1-6ubuntu0.1
5.26.1-6ubuntu0.2
5.26.1-6ubuntu0.3
5.26.1-6ubuntu0.5
5.26.1-6ubuntu0.6
5.26.1-6ubuntu0.7

Ecosystem specific

{
    "ubuntu_priority": "negligible",
    "priority_reason": "Does not affect Ubuntu."
}

Ubuntu:Pro:18.04:LTS / perl6

Package

Name
perl6
Purl
pkg:deb/ubuntu/perl6@6.c-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.c-1

Ecosystem specific

{
    "ubuntu_priority": "negligible",
    "priority_reason": "Does not affect Ubuntu."
}

Ubuntu:20.04:LTS / perl

Package

Name
perl
Purl
pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.5?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.28.1-6build1
5.30.0-7
5.30.0-9
5.30.0-9build1
5.30.0-9ubuntu0.2
5.30.0-9ubuntu0.3
5.30.0-9ubuntu0.4
5.30.0-9ubuntu0.5

Ecosystem specific

{
    "ubuntu_priority": "negligible",
    "priority_reason": "Does not affect Ubuntu."
}

Ubuntu:20.04:LTS / perl6

Package

Name
perl6
Purl
pkg:deb/ubuntu/perl6@6.d-2?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.d-2

Ecosystem specific

{
    "ubuntu_priority": "negligible",
    "priority_reason": "Does not affect Ubuntu."
}

Ubuntu:22.04:LTS / perl

Package

Name
perl
Purl
pkg:deb/ubuntu/perl@5.34.0-3ubuntu1.3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.32.1-3ubuntu3
5.34.0-3ubuntu1
5.34.0-3ubuntu1.1
5.34.0-3ubuntu1.2
5.34.0-3ubuntu1.3

Ecosystem specific

{
    "ubuntu_priority": "negligible",
    "priority_reason": "Does not affect Ubuntu."
}