File::Find::Rule Arbitrary Code Execution Vulnerability

A vulnerability allowing arbitrary code execution exists in the File::Find::Rule Perl module, affecting versions through 0.34. The issue arises when the 'grep()' function processes a specially crafted filename. This vulnerability is caused by the two-argument form of the 'open()' function, which allows an attacker to manipulate the filename to execute arbitrary commands. Exploitation can be demonstrated by creating a file with a name that includes a command, such as 'id', and then using 'File::Find::Rule' to grep for a pattern that triggers the file handling.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the system where the affected Perl module is used.

Reproduction

To reproduce this vulnerability, create a directory and place a file with a name that includes a command, such as 'id', into it. Then, use the 'File::Find::Rule' module to grep for a pattern in that directory. The crafted filename will be processed in a way that executes the command instead of being treated as a regular file name.

Remediation

Users are advised to update to version 0.35 or later, where this vulnerability has been fixed. Instructions for updating can be found in the Debian LTS advisory DLA-4209-1.