Remote Code Execution via Crafted Debian Package File

Remote Code Execution via Crafted Debian Package File

CVE-2017-0373 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.

Learn more about our Cis Benchmark Audit For Debian Linux.