oss-sec mailing list archives
Re: CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name
From: Sam James <sam () gentoo org>
Date: Fri, 06 Jun 2025 01:59:11 +0100
Timothy Legge <timlegge () cpansec org> writes:
[...] File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2-argument form of `open()`, allowing an attacker-controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.
FWIW, I've started a broader discussion on the future of 2-arg open on p5p at https://www.nntp.perl.org/group/perl.perl5.porters/2025/06/msg269996.html.
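To illustrate the 2-argument versus 3-argument `open()` difference discussed in this thread, here is an added example that is not from either post and is not File::Find::Rule's code. The helper names `two_arg_open_hazard` and `count_lines_safely` are hypothetical, the file names are constructed, and a POSIX filesystem is assumed (one that allows `|` in a file name).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Hypothetical helper (not part of File::Find::Rule): explain why a name would
# not be treated as a plain path by 2-argument open(). Returns undef if it is.
sub two_arg_open_hazard {
    my ($name) = @_;
    return 'trailing pipe: name is run as a command'   if $name =~ /\|\s*\z/;
    return 'leading pipe: output is piped to a command' if $name =~ /\A\s*\|/;
    return 'leading mode characters (<, >, >>, +<, +>)' if $name =~ /\A\s*\+?[<>]/;
    return 'bare "-" means STDIN'                       if $name =~ /\A\s*-\s*\z/;
    return 'leading/trailing whitespace is stripped'    if $name =~ /\A\s|\s\z/;
    return;
}

# Safe read: 3-argument open() takes the mode as its own argument, so the
# name is only ever used as a path.
sub count_lines_safely {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open '$path': $!";
    my $n = 0;
    $n++ while <$fh>;
    close $fh;
    return $n;
}

# Constructed sample: a file whose name ends in a pipe, in a scratch directory.
my $dir  = tempdir(CLEANUP => 1);
my $name = 'report.txt |';
my $path = File::Spec->catfile($dir, $name);
open(my $out, '>', $path) or die "create '$path': $!";
print {$out} "line one\nline two\n";
close $out;

# Classify a few constructed names, then read the odd one with 3-arg open().
for my $candidate ('notes.txt', $name, '>log', ' padded.txt') {
    my $why = two_arg_open_hazard($candidate);
    printf "%-16s %s\n", "'$candidate'", $why // 'plain path';
}
printf "3-arg open read %d lines from '%s'\n", count_lines_safely($path), $name;
```

With the 3-argument form the file named `report.txt |` is read as an ordinary file; the classifier is only useful for auditing names that reach code still using the 2-argument form.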
