Vulnerability CVE-2013-7284

Vulnerability Name:

CVE-2013-7284 (CCN-90200)

Assigned:

2014-01-09

Published:

2014-01-09

Updated:

2014-04-30

Summary:

The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-94

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-7284

Source: CCN
Type: CPAN Web site
PlRPC Perl module

Source: CCN
Type: oss-security: Thu, 9 Jan 2014
PlRPC Perl module: pre-auth remote code execution, weak crypto

Source: MLIST
Type: UNKNOWN
[oss-security] 20140109 PlRPC Perl module: pre-auth remote code execution, weak crypto

Source: MLIST
Type: UNKNOWN
[oss-security] 20140109 Re: PlRPC Perl module: pre-auth remote code execution, weak crypto

Source: CONFIRM
Type: UNKNOWN
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789

Source: CCN
Type: Red Hat Bugzilla Bug 1030572
perl-PlRPC: not secure across trust boundaries

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1030572

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1051108

Source: XF
Type: UNKNOWN
pirpc-cve20137284-code-execution(90200)

Source: MISC
Type: Patch
https://rt.cpan.org/Public/Bug/Display.html?id=90474

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-7284

Vulnerable Configuration:

Configuration 1:

cpe:/a:malcolm_nooning:pirpc:0.2000:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2001:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2002:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2003:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2010:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2011:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2012:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2013:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2014:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2016:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2017:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2018:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:0.2019:*:*:*:*:perl:*:*

OR cpe:/a:malcolm_nooning:pirpc:*:*:*:*:*:perl:*:* (Version <= 0.2020)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20137284	V	CVE-2013-7284	2022-09-01
oval:org.opensuse.security:def:24047	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:34671	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:24011	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:30284	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:30157	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:23999	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:61099	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:29438	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:30138	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:34564	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:33019	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:61536	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:23669	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:29421	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:30120	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:46901	P	binutils-2.26.1-9.12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46995	P	libXinerama1-1.1.3-3.54 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47702	P	libecpg6-10.5-1.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46885	P	alsa-1.0.27.2-11.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46964	P	gvim-7.4.326-2.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47064	P	libpoppler-glib8-0.43.0-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47755	P	libopenssl1_1-1.1.1-1.9 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:62059	P	dbus-1-1.12.2-8.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62736	P	cups-pk-helper-0.2.6-1.36 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62785	P	libgme-devel-0.6.2-1.17 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62835	P	vorbis-tools-1.4.0-1.53 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:30227	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:23623	P	Security update for systemd (Important)	2021-07-21
oval:org.opensuse.security:def:33930	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-15
oval:org.opensuse.security:def:23923	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-15
oval:org.opensuse.security:def:61077	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:29382	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:61076	P	Security update for the Linux Kernel (Important)	2021-06-09
oval:org.opensuse.security:def:62868	P	patch-2.7.6-3.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46547	P	pam_ssh-2.0-1.39 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46840	P	ruby-2.1-1.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61265	P	libpcre1-32bit-8.41-4.20 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46405	P	dbus-1-glib-0.100.2-3.58 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46758	P	libpng16-16-1.6.8-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46834	P	radvd-1.9.7-2.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:23553	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:34406	P	Security update for the Linux Kernel (Important)	2021-04-13
oval:org.opensuse.security:def:31368	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:29482	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:34026	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:33076	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:34622	P	Security update for python36 (Important)	2021-02-10
oval:org.opensuse.security:def:23734	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:33942	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:33931	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:32924	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:45705	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:45071	P	Security update for openldap2 (Moderate)	2021-01-14
oval:org.opensuse.security:def:30006	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:23876	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:61727	P	dbus-1-glib-0.108-1.29 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62606	P	typelib-1_0-JavaScriptCore-4_0-2.24.1-3.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62505	P	audiofile-devel-0.3.6-3.7.10 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61854	P	libopenssl-1_1-devel-1.1.1d-9.9 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62377	P	docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-4.18.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62698	P	libsoup-devel-2.68.3-2.32 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:23384	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:46317	P	Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:24774	P	Security update for spice (Moderate)	2020-12-01
oval:org.opensuse.security:def:30730	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:32699	P	ldapsmb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28986	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:24873	P	Security update for rpm (Important)	2020-12-01
oval:org.opensuse.security:def:32698	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34710	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31406	P	Security update for perl-PlRPC (Moderate)	2020-12-01
oval:org.opensuse.security:def:32789	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29127	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25553	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:45082	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:34779	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29333	P	Security update for compat-openssl097g (Moderate)	2020-12-01
oval:org.opensuse.security:def:45374	P	Security update for libsndfile (Moderate)	2020-12-01
oval:org.opensuse.security:def:35458	P	Security update for perl-PlRPC (Moderate)	2020-12-01
oval:org.opensuse.security:def:29920	P	Security update for libevent (Moderate)	2020-12-01
oval:org.opensuse.security:def:33163	P	libmysql55client18-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:45576	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:33425	P	Security update for avahi	2020-12-01
oval:org.opensuse.security:def:24186	P	Security update for tomcat (Moderate)	2020-12-01
oval:org.opensuse.security:def:33376	P	Security update for sap_suse_cluster_connector	2020-12-01
oval:org.opensuse.security:def:45911	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:33487	P	Security update for libpoppler4	2020-12-01
oval:org.opensuse.security:def:24368	P	Security update for audiofile (Moderate)	2020-12-01
oval:org.opensuse.security:def:46104	P	Security update for tigervnc (Critical)	2020-12-01
oval:org.opensuse.security:def:24717	P	Security update for perl-PlRPC (Moderate)	2020-12-01
oval:org.opensuse.security:def:30370	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:34169	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:45884	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:24498	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:46196	P	Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:28700	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:34260	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30579	P	Security update for mozilla-nspr, mozilla-nss	2020-12-01
oval:org.opensuse.security:def:28689	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:46189	P	Security update for ibus (Important)	2020-12-01
oval:org.opensuse.security:def:24723	P	Security update for xorg-x11-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:30686	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:23376	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:28900	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:24859	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:23437	P	Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:32710	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29043	P	Security update for POS_Image3, POS_Server3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24915	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:34735	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:45070	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:29279	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25587	P	Security update for perl-PlRPC (Moderate)	2020-12-01
oval:org.opensuse.security:def:45192	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:35417	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:29932	P	Security update for libgnomesu	2020-12-01
oval:org.opensuse.security:def:45495	P	Security update for dovecot22 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29921	P	Security update for libexif	2020-12-01
oval:org.opensuse.security:def:33319	P	vsftpd-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24177	P	Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:33464	P	Security update for kdm	2020-12-01
oval:org.opensuse.security:def:24246	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:46047	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:24685	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:45989	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:33531	P	Security update for Xerces-j2	2020-12-01
oval:org.opensuse.security:def:45872	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:24445	P	Security update for java-1_7_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:46133	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:45871	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:34162	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:30524	P	Security update for inn	2020-12-01
oval:org.opensuse.security:def:34209	P	Security update for perl-PlRPC (Moderate)	2020-12-01
oval:org.opensuse.security:def:28688	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:46001	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:24576	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:30667	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28769	P	Security update for libssh2	2020-12-01
oval:org.opensuse.security:def:34317	P	Security update for rzsz (Moderate)	2020-12-01
oval:org.opensuse.security:def:30628	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:87192	P	Security update for perl-PlRPC (Moderate)	2020-08-14
oval:com.ubuntu.precise:def:20137284000	V	CVE-2013-7284 on Ubuntu 12.04 LTS (precise) - medium.	2014-04-29
oval:com.ubuntu.trusty:def:20137284000	V	CVE-2013-7284 on Ubuntu 14.04 LTS (trusty) - medium.	2014-04-29

BACK