Bug 2370424 (CVE-2011-10007)

Summary: CVE-2011-10007 perl-file-find-rule: File::Find::Rule Arbitrary Code Execution
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: ppisar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in perl-file-find-rule. The `grep()` function within `File::Find::Rule` versions up to 0.34 is vulnerable to arbitrary code execution if provided with a specially crafted filename. This vulnerability allows an attacker to supply a filename that, when opened, executes arbitrary code via the `open()` function's mode parameter. Consequently, an attacker can achieve remote code execution by providing a malicious filename.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2370475, 2370476, 2370478, 2370473, 2370474, 2370477    
Bug Blocks:    

Description OSIDB Bzimport 2025-06-05 13:01:14 UTC 
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.

A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.

Example:

$ mkdir /tmp/poc; echo > "/tmp/poc/|id"
$ perl -MFile::Find::Rule \
    -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'
uid=1000(user) gid=1000(user) groups=1000(user),100(users)
Comment 4 Petr Pisar 2025-06-06 08:51:46 UTC 
Upstream fix <https://github.com/richardc/perl-file-find-rule/pull/4>, allegedly included in new 0.35 version.
Comment 5 Fedora Update System 2025-06-15 00:30:42 UTC 
FEDORA-EPEL-2025-9dcb1aae07 (perl-File-Find-Rule-0.35-1.el10_1) has been pushed to the Fedora EPEL 10.1 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 6 Fedora Update System 2025-06-15 00:33:56 UTC 
FEDORA-EPEL-2025-0d08cf47ee (perl-File-Find-Rule-0.35-1.el10_0) has been pushed to the Fedora EPEL 10.0 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 7 errata-xmlrpc 2025-06-24 11:29:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:9517 https://access.redhat.com/errata/RHSA-2025:9517
Comment 8 errata-xmlrpc 2025-06-25 06:14:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:9605 https://access.redhat.com/errata/RHSA-2025:9605
Comment 9 errata-xmlrpc 2025-06-25 15:56:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:9658 https://access.redhat.com/errata/RHSA-2025:9658
Comment 10 errata-xmlrpc 2025-06-26 06:25:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:9740 https://access.redhat.com/errata/RHSA-2025:9740
Comment 11 errata-xmlrpc 2025-06-26 06:29:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:9741 https://access.redhat.com/errata/RHSA-2025:9741