{"id":780,"date":"2021-07-23T12:37:59","date_gmt":"2021-07-23T12:37:59","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/cve-2016-1238-perl\/"},"modified":"2021-07-23T12:37:59","modified_gmt":"2021-07-23T12:37:59","slug":"cve-2016-1238-perl","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/cve-2016-1238-perl\/","title":{"rendered":"CVE-2016-1238 Perl"},"content":{"rendered":"<\/p>\n
\n
<\/div>\n
\n

Background Information<\/h2>\n

On July 25 2016, Perl announced a vulnerability in all versions of the Perl 5 software.<\/p>\n

Impact<\/h2>\n

According to Perl development:<\/h2>\n
\n

The problem relates to Perl 5 (\u201cperl\u201d) loading modules from the includes directory array (\u201c@INC\u201d) in which the last element is the current directory (\u201c.\u201d). That means that, when \u201cperl\u201d wants to load a module (during first compilation or during lazy loading of a module in run-time), perl will look for the module in the current directory at the end, since \u2018.\u2019 is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in \u201c.\u201d but are not otherwise installed.<\/p>\n<\/blockquote>\n

Under some conditions, this vulnerability can lead to arbitrary code execution. For example, if you change the current directory to a location to which other users can write.<\/p>\n

Releases<\/h2>\n

cPanel & WHM version 56 and later are already protected. Versions previous to cPanel & WHM version 56 received updates to mitigate this issue as of TSR-2016-0002 for cPanel-provided scripts. Versions greater than the versions listed below are protected:<\/p>\n

    \n
  • 11.50 \u2014 11.50.5.0<\/li>\n
  • 11.52 \u2014 11.52.4.0<\/li>\n
  • 54 \u2014 54.0.18<\/li>\n<\/ul>\n

    For more information about the protections already in place, read our 56 Release Notes.<\/p>\n

    Additional updates have been published to protect upstream-provided Perl 5 scripts shipped in the cPanel-provided Perl distribution for versions previous to 56. Versions greater than the versions listed below include the additional protections for upstream-provided scripts:<\/p>\n

      \n
    • 11.52 \u2014 11.52.6.4<\/li>\n
    • 54 \u2014 54.0.27<\/li>\n<\/ul>\n

      How to determine if your server is up-to-date<\/h2>\n

      For versions 56 and greater, the previously updated RPMs provided by cPanel will contain a changelog entry noting the applied fixes. You can check for the changelog entry in versions 56 and greater with the following command:<\/p>\n

      \n
      rpm -<\/span>q --changelog <\/span>cpanel-<\/span>perl-<\/span>522<\/span> |<\/span> grep \"Remove . from @INC\"<\/span><\/code><\/pre>\n<\/div>\n
      The output should resemble below: <\/p>\n
      \n
      -<\/span> Remove .<\/span> from @INC unless<\/span> the environment variable PERL_USE_UNSAFE_INC=<\/span>1<\/span> is set.<\/span><\/code><\/pre>\n<\/div>\n
      For versions 54 and 52, the updated RPMs provided by cPanel will contain a changelog entry with the CVE number. You can check for the changelog entry in versions 54 and 52 with the following command:\n<\/p>\n
      \n
      rpm -<\/span>q --changelog <\/span>cpanel-<\/span>perl-<\/span>514<\/span> |<\/span> grep CVE-<\/span>2016<\/span>-<\/span>1238<\/span><\/code><\/pre>\n<\/div>\n
      The output should resemble below: <\/p>\n
      \n
      -<\/span> Fix for<\/span> CVE-<\/span>2016<\/span>-<\/span>1238<\/span><\/code><\/pre>\n<\/div>\n
      What to do if you are not up-to-date<\/h2>\n
      If your server is not running one of the above versions, update immediately.<\/p>\n
      To upgrade your server, navigate to WHM\u2019s Upgrade to Latest Version<\/em> interface (WHM >> Home >> cPanel >> Upgrade to Latest Version<\/em>) and click Click to Upgrade<\/em>.<\/p>\n
      To upgrade cPanel from the command line, run the following commands: <\/p>\n
      \n
      \n\n\n
      \n
      1\n<\/span>2\n<\/span><\/code><\/pre>\n<\/td>\n
      		\n
      \/<\/span>scripts<\/span>\/<\/span>upcp<\/span>\n\/<\/span>scripts<\/span>\/<\/span>check_cpanel_rpms<\/span> --<\/span>fix<\/span> --<\/span>long<\/span>-<\/span>list<\/span><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
      For versions 56 and greater, verify the updated Perl RPM was installed:<\/p>\n
      \n
      rpm -<\/span>q --changelog <\/span>cpanel-<\/span>perl-<\/span>522<\/span> |<\/span> grep \"Remove . from @INC\"<\/span><\/code><\/pre>\n<\/div>\n
      The output should resemble below:\n<\/p>\n
      \n
      -<\/span> Remove .<\/span> from @INC unless<\/span> the environment variable PERL_USE_UNSAFE_INC=<\/span>1<\/span> is set.<\/span><\/code><\/pre>\n<\/div>\n
      For versions 54 and 52, verify the updated Perl RPM was installed:\n<\/p>\n
      \n
      rpm -<\/span>q --changelog <\/span>cpanel-<\/span>perl-<\/span>514<\/span> |<\/span> grep CVE-<\/span>2016<\/span>-<\/span>1238<\/span><\/code><\/pre>\n<\/div>\n
      The output should resemble below:\n<\/p>\n
      \n
      -<\/span> Fix for<\/span> CVE-<\/span>2016<\/span>-<\/span>1238<\/span><\/code><\/pre>\n<\/div>\n
      Credit: This issue was discovered and reported by J.D. Lightsey and Todd Rinaldo, courtesy of the cPanel Security Team.<\/p>\n
      CVE: http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-1238<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"
      Background Information On July 25 2016, Perl announced a vulnerability in all versions of the Perl 5 software. Impact According to Perl development: The problem relates to Perl 5 (\u201cperl\u201d) loading modules from the includes directory array (\u201c@INC\u201d) in which the last element is the current directory (\u201c.\u201d). That means that, when \u201cperl\u201d wants to …<\/p>\n","protected":false},"author":1,"featured_media":781,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/780"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=780"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/780\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/781"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}