CVE-2023-47039: Perl: perl for windows binary hijacking vulnerability
First published: Mon Nov 13 2023(Updated: )
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/perl | <5.32.1 | 5.32.1 |
| debian/perl | 5.32.1-4+deb11u3 5.32.1-4+deb11u4 5.36.0-7+deb12u1 5.40.1-2 | |
| All of | ||
| Perl 5.30.0 | <5.32.1 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2249525
- https://access.redhat.com/security/cve/CVE-2023-47039
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746
- https://security.netapp.com/advisory/ntap-20240208-0005/
- https://security-tracker.debian.org/tracker/CVE-2023-47039
- https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability
Frequently Asked Questions
What is the severity of CVE-2023-47039?
CVE-2023-47039 is considered a moderate severity vulnerability due to its reliance on the system path environment variable in Perl.
How do I fix CVE-2023-47039?
To fix CVE-2023-47039, upgrade your Perl installation to 5.32.1 or higher on Red Hat or to the recommended versions on Debian.
Which versions of Perl are affected by CVE-2023-47039?
CVE-2023-47039 affects Perl versions up to but not including 5.32.1 on Red Hat and specific versions on Debian 5.32.1-4+deb11u3, 5.32.1-4+deb11u4, 5.36.0-7+deb12u1, and 5.40.0-8.
On which operating system does CVE-2023-47039 occur?
CVE-2023-47039 occurs on the Windows operating system when using the Perl interpreter.
What impact does CVE-2023-47039 have on system security?
CVE-2023-47039 may lead to untrusted command execution if an executable relies on the vulnerable Perl interpreter's handling of environment paths.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/title
- agent/remedy
- agent/author
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-47039
- agent/software-canonical-lookup
- agent/references
- agent/trending
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- package-manager/redhat
- package-manager/debian
- vendor/perl
- canonical/perl 5.30.0
- vendor/microsoft
- canonical/microsoft windows operating system