{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-29T12:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20140109 Re: PlRPC Perl module: pre-auth remote code execution, weak crypto", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q1/62"}, {"tags": ["x_refsource_MISC"], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=90474"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030572"}, {"name": "[oss-security] 20140109 PlRPC Perl module: pre-auth remote code execution, weak crypto", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q1/56"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051108"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:01:20.435Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140109 Re: PlRPC Perl module: pre-auth remote code execution, weak crypto", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q1/62"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=90474"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030572"}, {"name": "[oss-security] 20140109 PlRPC Perl module: pre-auth remote code execution, weak crypto", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q1/56"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051108"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-7284", "datePublished": "2014-04-29T14:00:00", "dateReserved": "2014-01-09T00:00:00", "dateUpdated": "2024-08-06T18:01:20.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:*:*:*:*:*:perl:*:*", "matchCriteriaId": "062463DB-4336-4A70-81A9-6002A812F3FC", "versionEndIncluding": "0.2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2000:*:*:*:*:perl:*:*", "matchCriteriaId": "A94933B1-ECFA-4CA9-BAC9-A85963F224A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2001:*:*:*:*:perl:*:*", "matchCriteriaId": "C35CFF4A-F2A9-4693-8D6C-D32A409001EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2002:*:*:*:*:perl:*:*", "matchCriteriaId": "F7E5FDC8-98EC-429A-88AE-68180B4242E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2003:*:*:*:*:perl:*:*", "matchCriteriaId": "2CD0EC24-E6FB-44DA-8287-CC3A7342CFEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2010:*:*:*:*:perl:*:*", "matchCriteriaId": "8F053738-93E7-4C5F-A192-0D0656F45D19", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2011:*:*:*:*:perl:*:*", "matchCriteriaId": "123D7D8E-70F0-4859-AF27-0BBB5BB4B1D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2012:*:*:*:*:perl:*:*", "matchCriteriaId": "FDCE71FF-A65D-4CB3-9C03-F4EFB7255AD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2013:*:*:*:*:perl:*:*", "matchCriteriaId": "4F064F64-8CB8-4D1E-8DE0-732FA6A457B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2014:*:*:*:*:perl:*:*", "matchCriteriaId": "AAF3DDDB-79AF-483A-969A-A30241A1C532", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2016:*:*:*:*:perl:*:*", "matchCriteriaId": "46D50C88-98FF-48FE-A36D-0494821DFE00", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2017:*:*:*:*:perl:*:*", "matchCriteriaId": "AE5EDAC9-B243-412F-B4C8-0AB986514FD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2018:*:*:*:*:perl:*:*", "matchCriteriaId": "528B84CD-478A-441B-BD2B-AE6B0978ABBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:malcolm_nooning:pirpc:0.2019:*:*:*:*:perl:*:*", "matchCriteriaId": "D3C4B2DB-9D6A-499A-9F33-E8FEB3716B24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized."}, {"lang": "es", "value": "El m\u00f3dulo PlRPC para Perl, posiblemente 0.2020 y anteriores, utiliza el m\u00f3dulo Storable, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada, lo cual no se maneja debidamente cuando est\u00e1 deserializada."}], "id": "CVE-2013-7284", "lastModified": "2014-04-30T13:56:04.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-29T14:38:49.890", "references": [{"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2014/q1/56"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2014/q1/62"}, {"source": "secalert@redhat.com", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030572"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051108"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=90474"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "perl-PlRPC: pre-auth remote code execution", "id": "1051108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051108"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized."], "name": "CVE-2013-7284", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "perl-PlRPC", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Will not fix", "package_name": "perl516-perl-PlRPC", "product_name": "Red Hat Software Collections"}], "public_date": "2013-11-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-7284\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7284"], "statement": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}