Vulnerability Name:

CVE-2014-10402 (CCN-188632)

Assigned: 2014-10-15
Published: 2014-10-15
Updated: 2022-06-02
Summary: An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN).
Note: this issue exists because of an incomplete fix for CVE-2014-10401.
CVSS v3 Severity: 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
5.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): Low
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-732
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2014-10402

Source: XF
Type: UNKNOWN
perl-cve201410402-info-disc(188632)

Source: CCN
Type: DBI module for Perl GIT Repository
DBI module for Perl

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20220530 [SECURITY] [DLA 3035-1] libdbi-perl security update

Source: CCN
Type: CPAN Bug #99508
DBI: Tables will erroneously be opened in current folder if f_dir set to a relative path

Source: MISC
Type: Exploit, Patch, Third Party Advisory
https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590

Vulnerable Configuration: Configuration 1:
  • cpe:/a:perl:dbi:*:*:*:*:*:*:*:* (Version <= 1.643)

  • * Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201410402 | V | CVE-2014-10402 | 2023-06-22
oval:org.opensuse.security:def:7740 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:3146 | P | libXt6-1.1.4-3.57 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94776 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:265 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:94449 | P | (Important) | 2022-05-26
oval:org.opensuse.security:def:1194 | P | Security update for the Linux Kernel (Important) | 2022-03-08
oval:org.opensuse.security:def:113114 | P | perl-DBI-1.643-2.7 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:64643 | P | Security update for kernel-firmware (Low) | 2021-12-30
oval:org.opensuse.security:def:1790 | P | Security update for xorg-x11-server (Important) | 2021-12-14
oval:org.opensuse.security:def:70327 | P | Security update for MozillaFirefox (Important) | 2021-12-10
oval:org.opensuse.security:def:66984 | P | Security update for postgresql13 (Important) | 2021-11-22
oval:org.opensuse.security:def:106549 | P | perl-DBI-1.643-2.7 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:96647 | P | libjbig-devel-2.1-1.31 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96648 | P | libjpeg62-62.2.0-5.7.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:49450 | P | Security update for php72 (Important) | 2021-09-02
oval:org.opensuse.security:def:2428 | P | python3-avahi-0.7-3.6.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:72024 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1938 | P | ocaml-4.05.0-13.5 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101041 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62283 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1937 | P | ncurses-devel-32bit-6.1-5.6.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1932 | P | libpcp-devel-4.3.1-3.11.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101162 | P | gtk2-data-2.24.32+67-2.28 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1934 | P | libtidy-devel-5.4.0-3.2.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71778 | P | btrfsmaintenance-0.4.2-1.11 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:70432 | P | Security update for libgcrypt (Important) | 2021-06-24
oval:org.opensuse.security:def:64531 | P | Security update for python-rsa (Important) | 2021-06-17
oval:org.opensuse.security:def:74709 | P | Security update for snakeyaml (Important) | 2021-06-07
oval:org.opensuse.security:def:67076 | P | Security update for ldb (Important) | 2021-03-24
oval:org.opensuse.security:def:68325 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:73767 | P | Security update for wpa_supplicant (Important) | 2021-02-11
oval:org.opensuse.security:def:73649 | P | Security update for permissions (Moderate) | 2021-01-22
oval:org.opensuse.security:def:49464 | P | Security update for nodejs12 (Moderate) | 2021-01-11
oval:org.opensuse.security:def:71665 | P | minicom-2.7.1-1.19 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2576 | P | Security update for ucode-intel (Moderate) | 2020-12-02
oval:org.opensuse.security:def:2580 | P | Security update for perl-DBI (Moderate) | 2020-12-02
oval:org.opensuse.security:def:74583 | P | Security update for libjpeg-turbo (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51016 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49433 | P | libexempi-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49364 | P | yast2-multipath on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64991 | P | Security update for xrdp (Important) | 2020-12-01
oval:org.opensuse.security:def:75053 | P | Security update for postgresql10 (Important) | 2020-12-01
oval:org.opensuse.security:def:49611 | P | accountsservice on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65078 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49535 | P | libXi6-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49580 | P | libthai-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49368 | P | zoo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:75186 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50811 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:49683 | P | libnma-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49306 | P | procmail on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50865 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65111 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49515 | P | gd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:68425 | P | Security update for perl-DBI (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49222 | P | libproxy-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50959 | P | Security update for libqt5-qtbase (Moderate) | 2020-12-01
oval:org.opensuse.security:def:110881 | P | Security update for perl-DBI (Moderate) | 2020-11-27
oval:org.opensuse.security:def:110333 | P | Security update for perl-DBI (Moderate) | 2020-11-26
oval:org.opensuse.security:def:93393 | P | (Moderate) | 2020-11-19
oval:org.opensuse.security:def:97368 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:104058 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:117343 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:93551 | P | (Moderate) | 2020-11-19
oval:org.opensuse.security:def:107828 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:90403 | P | Security update for perl-DBI (Moderate) | 2020-11-19
oval:org.opensuse.security:def:94357 | P | (Moderate) | 2020-11-19
oval:org.opensuse.security:def:99908 | P | (Moderate) | 2020-11-19
oval:org.opensuse.security:def:100245 | P | (Moderate) | 2020-11-19