Message-ID: <6kly7vhcuuu6uinufhnhfogyuwgim6heonbcix6cuvxbmwi7sy@rviudni63tvk>
Date: Fri, 23 May 2025 15:58:00 +0200
From: Stig Palmquist <stig@...g.io>
To: oss-security@...ts.openwall.com
Subject: Re: Perl 5.40 dir dup bug with threading: security
 consequences

On 2025-05-22 19:11, Vincent Lefevre wrote:
> Hi,
> 
> In February, I reported the following bug in perl:
> 
>   https://github.com/Perl/perl5/issues/23010
> 
> The issue is that under some conditions, perl temporarily changes
> the current working directory at a thread creation, which affects
> the other threads as a consequence: file accesses related to the
> current working directory may actually be done related to another
> directory.
> 
> Perl 5.40 and various earlier versions are affected; the bug was
> introduced in 2010.
> 
> In the corresponding Debian bug
> 
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226
> 
> the perl maintainer thinks that this is not regarded as a serious
> security issue by upstream.
> 
> The following test shows that arbitrary code execution is a possible
> consequence.
[..]

Thank you for the report.

CVE-2025-40909 has been assigned, and the Perl security team is looking
into the issue.

Best regards,
-- 
Stig Palmquist
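
The effect described in the quoted report, as an added example that is not part of the original thread and not Perl's code: the working directory is process-wide, so a relative open in one thread follows a temporary change made by another, while an open anchored to a directory descriptor does not. Assumptions: an explicit `os.chdir` in a helper thread stands in for the temporary change at thread creation, the directory and file names are constructed, and a POSIX system with `dir_fd` support is used.

```python
import os
import tempfile
import threading


def demo():
    """Return (relative_read, anchored_read) seen while another thread moved the cwd."""
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as base:
        trusted = os.path.join(base, "trusted")  # constructed sample directories
        other = os.path.join(base, "other")
        for path, text in ((trusted, "trusted"), (other, "other")):
            os.mkdir(path)
            with open(os.path.join(path, "config.txt"), "w") as f:
                f.write(text)

        os.chdir(trusted)
        trusted_fd = os.open(".", os.O_RDONLY)   # descriptor pinned to the intended dir
        moved, done = threading.Event(), threading.Event()

        def worker():
            os.chdir(other)      # stand-in for the temporary cwd change (assumption)
            moved.set()
            done.wait()
            os.chdir(trusted)    # cwd restored afterwards

        t = threading.Thread(target=worker)
        t.start()
        moved.wait()             # main thread now runs inside the window
        try:
            with open("config.txt") as f:        # relative path: follows process cwd
                relative_read = f.read()
            fd = os.open("config.txt", os.O_RDONLY, dir_fd=trusted_fd)
            with os.fdopen(fd) as f:             # anchored to trusted_fd: unaffected
                anchored_read = f.read()
        finally:
            done.set()
            t.join()
            os.close(trusted_fd)
            os.chdir(old_cwd)    # leave the temp dir before it is removed
    return relative_read, anchored_read


if __name__ == "__main__":
    print(demo())
```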
