Vulnerability Name:

CVE-2014-10401 (CCN-188184)

Assigned:2014-10-15
Published:2014-10-15
Updated:2020-09-30
Summary:An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
CVSS v3 Severity:6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availability (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-732
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2014-10401

Source: XF
Type: UNKNOWN
perl-dbi-cve201410401-info-disc(188184)

Source: CCN
Type: dbi GIT Repository
Do not connect DBD::File on non-existing folder in f_dir

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a

Source: MISC
Type: Release Notes, Third Party Advisory
https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014

Source: CCN
Type: Bug #99508
Tables will erroneously be opened in current folder if f_dir set to a relative path

Source: MISC
Type: Third Party Advisory
https://rt.cpan.org/Public/Bug/Display.html?id=99508

Source: UBUNTU
Type: Third Party Advisory
USN-4509-1

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:perl:perl:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201410401 | V | CVE-2014-10401 | 2023-06-22
oval:org.opensuse.security:def:7740 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:3146 | P | libXt6-1.1.4-3.57 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94776 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:265 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:94449 | P | (Important) | 2022-05-26
oval:org.opensuse.security:def:1194 | P | Security update for the Linux Kernel (Important) | 2022-03-08
oval:org.opensuse.security:def:113114 | P | perl-DBI-1.643-2.7 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:64643 | P | Security update for kernel-firmware (Low) | 2021-12-30
oval:org.opensuse.security:def:1790 | P | Security update for xorg-x11-server (Important) | 2021-12-14
oval:org.opensuse.security:def:70327 | P | Security update for MozillaFirefox (Important) | 2021-12-10
oval:org.opensuse.security:def:66984 | P | Security update for postgresql13 (Important) | 2021-11-22
oval:org.opensuse.security:def:106549 | P | perl-DBI-1.643-2.7 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:96647 | P | libjbig-devel-2.1-1.31 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96648 | P | libjpeg62-62.2.0-5.7.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:49450 | P | Security update for php72 (Important) | 2021-09-02
oval:org.opensuse.security:def:2428 | P | python3-avahi-0.7-3.6.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:72024 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1938 | P | ocaml-4.05.0-13.5 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101041 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62283 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1937 | P | ncurses-devel-32bit-6.1-5.6.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1932 | P | libpcp-devel-4.3.1-3.11.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101162 | P | gtk2-data-2.24.32+67-2.28 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1934 | P | libtidy-devel-5.4.0-3.2.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71778 | P | btrfsmaintenance-0.4.2-1.11 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:70432 | P | Security update for libgcrypt (Important) | 2021-06-24
oval:org.opensuse.security:def:64531 | P | Security update for python-rsa (Important) | 2021-06-17
oval:org.opensuse.security:def:74709 | P | Security update for snakeyaml (Important) | 2021-06-07
oval:org.opensuse.security:def:67076 | P | Security update for ldb (Important) | 2021-03-24
oval:org.opensuse.security:def:68325 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:73767 | P | Security update for wpa_supplicant (Important) | 2021-02-11
oval:org.opensuse.security:def:73649 | P | Security update for permissions (Moderate) | 2021-01-22
oval:org.opensuse.security:def:49464 | P | Security update for nodejs12 (Moderate) | 2021-01-11
oval:org.opensuse.security:def:71665 | P | minicom-2.7.1-1.19 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2576 | P | Security update for ucode-intel (Moderate) | 2020-12-02
oval:org.opensuse.security:def:2580 | P | Security update for perl-DBI (Moderate) | 2020-12-02
oval:org.opensuse.security:def:74583 | P | Security update for libjpeg-turbo (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51016 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49433 | P | libexempi-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49364 | P | yast2-multipath on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64991 | P | Security update for xrdp (Important) | 2020-12-01
oval:org.opensuse.security:def:75053 | P | Security update for postgresql10 (Important) | 2020-12-01
oval:org.opensuse.security:def:49611 | P | accountsservice on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65078 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49535 | P | libXi6-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49580 | P | libthai-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49368 | P | zoo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:75186 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50811 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:49683 | P | libnma-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49306 | P | procmail on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50865 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65111 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49515 | P | gd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:68425 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49222 | P | libproxy-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50959 | P | Security update for libqt5-qtbase (Moderate) | 2020-12-01
oval:org.opensuse.security:def:110881 | P | Security update for perl-DBI (Moderate) | 2020-11-27
oval:org.opensuse.security:def:110333 | P | Security update for perl-DBI (Moderate) | 2020-11-26
oval:org.opensuse.security:def:93393 | P | (Moderate) | 2020-11-19
oval:org.opensuse.security:def:97368 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:104058 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:117343 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:93551 | P | (Moderate) | 2020-11-19
oval:org.opensuse.security:def:107828 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:90403 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:94357 | P | (Moderate) | 2020-11-19
oval:org.opensuse.security:def:99908 | P | (Moderate) | 2020-11-19
oval:org.opensuse.security:def:100245 | P | (Moderate) | 2020-11-19