{"id":"UBUNTU-CVE-2016-1238","details":"(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.","modified":"2026-04-22T10:52:49.785185Z","published":"2016-07-25T00:00:00Z","upstream":["CVE-2016-1238"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-1238"},{"type":"REPORT","url":"http://ledgersmbdev.blogspot.ca/2016/07/notes-on-security-separation-of.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2016-1238"}],"affected":[{"package":{"name":"libsys-syslog-perl","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/libsys-syslog-perl@0.33-1+deb8u1build0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.33-1+deb8u1build0.14.04.1"}]}],"versions":["0.29-1build2","0.33-1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.33-1+deb8u1build0.14.04.1","binary_name":"libsys-syslog-perl"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1238.json"}},{"package":{"name":"perl","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/perl@5.18.2-2ubuntu1.7+esm5?arch=source&distro=esm-infra-legacy/trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.14.2-21build1","5.18.1-4","5.18.1-4build1","5.18.1-5","5.18.2-2","5.18.2-2ubuntu1","5.18.2-2ubuntu1.1","5.18.2-2ubuntu1.3","5.18.2-2ubuntu1.4","5.18.2-2ubuntu1.6","5.18.2-2ubuntu1.7","5.18.2-2ubuntu1.7+esm3","5.18.2-2ubuntu1.7+esm4","5.18.2-2ubuntu1.7+esm5"],"ecosystem_specific":{"binaries":[{"binary_version":"5.18.2-2ubuntu1.7+esm5","binary_name":"libcgi-fast-perl"},{"binary_version":"5.18.2-2ubuntu1.7+esm5","binary_name":"libperl5.18"},{"binary_version":"5.18.2-2ubuntu1.7+esm5","binary_name":"perl"},{"binary_version":"5.18.2-2ubuntu1.7+esm5","binary_name":"perl-base"},{"binary_version":"5.18.2-2ubuntu1.7+esm5","binary_name":"perl-debug"},{"binary_version":"5.18.2-2ubuntu1.7+esm5","binary_name":"perl-modules"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1238.json"}},{"package":{"name":"perl","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/perl@5.22.1-9ubuntu0.9+esm2?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.20.2-6","5.22.1-3","5.22.1-4","5.22.1-5","5.22.1-7","5.22.1-8","5.22.1-9","5.22.1-9ubuntu0.2","5.22.1-9ubuntu0.3","5.22.1-9ubuntu0.5","5.22.1-9ubuntu0.6","5.22.1-9ubuntu0.9","5.22.1-9ubuntu0.9+esm1","5.22.1-9ubuntu0.9+esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"5.22.1-9ubuntu0.9+esm2","binary_name":"libperl5.22"},{"binary_version":"5.22.1-9ubuntu0.9+esm2","binary_name":"perl"},{"binary_version":"5.22.1-9ubuntu0.9+esm2","binary_name":"perl-base"},{"binary_version":"5.22.1-9ubuntu0.9+esm2","binary_name":"perl-debug"},{"binary_version":"5.22.1-9ubuntu0.9+esm2","binary_name":"perl-modules-5.22"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1238.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}