Joined: 12 May 2004
|Posted: Thu Mar 27, 2014 11:26 am Post subject: [ GLSA 201403-08 ] PlRPC: Arbitrary code execution
|Gentoo Linux Security Advisory
Title: PlRPC: Arbitrary code execution (GLSA 201403-08)
Date: March 27, 2014
PlRPC uses Storable which allows for code execution prior to
The Perl RPC Module is a Perl module that implements IDL-free RPCs.
Vulnerable: < 0.202.0-r2
Unaffected: >= 0.202.0-r2
Architectures: All supported architectures
PlRPC uses Storable module for serialization and deserialization of
untrusted data. Deserialized data can contain objects which can lead to
loading of foreign modules, and possible execution of arbitrary code.
A remote attacker could possibly execute
arbitrary code with the privileges of the process, or cause a Denial of
External authentication mechanism can be used with PlRPC such as TLS or
All PlRPC users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-perl/PlRPC-0.202.0-r2"