Skip to main content

Red Hat CVE-2011-10007

| EUVDEUVD-2011-5236 HIGH
OS Command Injection (CWE-78)
2025-06-05 9b29abf9-4ab0-4765-b253-1875cd9b441e
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
7.3 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 14, 2026 - 17:53 euvd
EUVD-2011-5236
Analysis Generated
Mar 14, 2026 - 17:53 vuln.today
CVE Published
Jun 05, 2025 - 12:15 nvd
HIGH 8.8

DescriptionCVE.org

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep() encounters a crafted filename.

A file handle is opened with the 2 argument form of open() allowing an attacker controlled filename to provide the MODE parameter to open(), turning the filename into a command to be executed.

Example:

$ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)

AnalysisAI

File::Find::Rule through version 0.34 contains an arbitrary code execution vulnerability in the grep() function where attacker-controlled filenames are passed unsafely to Perl's open() function using the 2-argument form, allowing command injection. This affects any Perl application using File::Find::Rule to search files in directories containing maliciously-named files. A proof-of-concept exists demonstrating command execution via filenames containing pipe characters (|), and the vulnerability requires user interaction (UI:R) to trigger by searching a directory with crafted filenames.

Technical ContextAI

File::Find::Rule is a Perl module (CPE: cpe:2.3:a:file_find_rule_project:file_find_rule:*:*:*:*:*:perl:*:*) that provides an object-oriented interface to Perl's File::Find functionality for recursive directory traversal and file filtering. The vulnerability stems from CWE-78 (Improper Neutralization of Special Elements used in an OS Command - 'OS Command Injection'). The root cause is the use of Perl's 2-argument open() form: open(FH, $filename) where $filename is user-controlled. In Perl, this form interprets special characters in the filename as shell metacharacters—a pipe character (|) at the end of a filename causes Perl to execute the string as a command rather than opening it as a file. This is a well-known Perl pitfall that should use the 3-argument form: open(FH, '<', $filename) to safely separate the mode from the filename.

RemediationAI

Upgrade File::Find::Rule to version 0.35 or later. Update via CPAN: cpan File::Find::Rule or perl -MCPAN -e 'install File::Find::Rule' Workaround: If immediate patching is not possible, avoid calling grep() on File::Find::Rule results in directories where untrusted users can create files. Validate or sanitize filenames before processing them. Mitigation: Restrict filesystem write permissions in shared or web-accessible directories. Ensure the Perl process runs with minimal necessary privileges (principle of least privilege) to limit the impact of command execution. Detection: Scan Perl installations for File::Find::Rule version ≤0.34 using: perl -MFile::Find::Rule -e 'print $File::Find::Rule::VERSION'. Monitor application logs for suspicious filenames containing shell metacharacters (|, ;, $(), backticks, etc.) in searched directories.

Vendor StatusVendor

Ubuntu

Priority: Medium
libfile-find-rule-perl
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
upstream released 0.34-4
jammy released 0.34-1ubuntu0.22.04.1
noble released 0.34-3ubuntu0.24.04.1
oracular released 0.34-3ubuntu0.24.10.1
plucky released 0.34-3ubuntu0.25.04.1
questing not-affected 0.34-4

Debian

Bug #1107311
libfile-find-rule-perl
Release Status Fixed Version Urgency
bullseye fixed 0.34-1+deb11u1 -
bullseye (security) fixed 0.34-1+deb11u1 -
bookworm, bookworm (security) fixed 0.34-4~deb12u1 -
trixie fixed 0.34-4 -
forky, sid fixed 0.35-1 -
bookworm fixed 0.34-4~deb12u1 -
(unstable) fixed 0.34-4 -

SUSE

Severity: High
Product Status
SUSE Enterprise Storage 7.1 Fixed
SUSE Liberty Linux 7 LTSS Fixed
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed

Share

CVE-2011-10007 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy