
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2011-10007 affects File::Find::Rule through version 0.34 for Perl. The vulnerability allows arbitrary code execution when the grep() function encounters a crafted filename. The issue was initially reported as a file truncation bug in January 2011 but was later identified as a security vulnerability in June 2025. The vulnerability stems from using the 2-argument form of open(), which allows an attacker-controlled filename to provide the MODE parameter, enabling command execution (OSS Security).
The vulnerability exists in the grep() function implementation where a file handle is opened using the 2-argument form of open(). This implementation allows an attacker to control the MODE parameter through a crafted filename, effectively turning the filename into a command to be executed. The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command). A proof of concept demonstrates the vulnerability by creating a file with a pipe character in its name: mkdir /tmp/poc; echo > "/tmp/poc/|id", which when processed by the vulnerable code executes the id command (OSS Security, NVD).
The vulnerability allows attackers to execute arbitrary commands on the affected system through specially crafted filenames. This can lead to unauthorized command execution with the privileges of the user running the Perl script. The CVSS 3.1 base score is 8.8 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high potential impact on confidentiality, integrity, and availability (NVD).
A patch has been released that fixes the vulnerability by changing to the 3-argument form of open(). Users should update to the fixed version when available, apply the provided patch, or use a patched version provided by their OS distribution. Debian has released security updates (DLA-4209-1 for bullseye and DSA-5936-1 for bookworm) to address this vulnerability (Debian Security, GitHub Patch).
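The 3-argument form described above, as an added Perl example that is not the File::Find::Rule patch or code from the advisory: the mode is a literal, so a name such as the proof of concept's |id is only ever a path, and a small lint flags names that the 2-argument form would parse as a MODE. The helper names name_is_mode_ambiguous and count_matches are hypothetical, and the sample files are constructed in a scratch directory.

```perl
#!/usr/bin/perl
# Added example (not File::Find::Rule's code): 3-argument open() reads a
# file whose name looks like a MODE, and a lint reports such names.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Hypothetical helper: true if 2-argument open() would take mode or pipe
# syntax from the string itself: leading < > | or +< +>, trailing |,
# the special name "-", or edge whitespace (which 2-arg open strips).
sub name_is_mode_ambiguous {
    my ($name) = @_;
    return $name =~ /\A\s|\s\z|\A(?:[<>|]|\+[<>])|\|\z|\A-\z/ ? 1 : 0;
}

# Hypothetical helper: count lines matching $re using 3-argument open().
# The mode is the literal '<', so $path is never interpreted as a command.
sub count_matches {
    my ($path, $re) = @_;
    open(my $fh, '<', $path) or die "open $path: $!";
    my $n = grep { /$re/ } <$fh>;
    close $fh;
    return $n;
}

# Constructed sample data: one ordinary file and one file named like the
# page's proof of concept ("|id"), both holding harmless text.
my $dir = tempdir(CLEANUP => 1);
for my $name ('notes.txt', '|id') {
    my $path = File::Spec->catfile($dir, $name);
    open(my $out, '>', $path) or die "create $path: $!";
    print {$out} "needle\nhay\n";
    close $out;
}

opendir(my $dh, $dir) or die "opendir $dir: $!";
for my $name (sort grep { !/\A\.\.?\z/ } readdir $dh) {
    my $path = File::Spec->catfile($dir, $name);
    printf "%-10s ambiguous=%d matches=%d\n",
        $name, name_is_mode_ambiguous($name), count_matches($path, qr/needle/);
}
closedir $dh;
```

The lint is useful as a pre-upgrade sweep over directories that unpatched code still traverses; it does not replace moving every open() call to the 3-argument form.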
The vulnerability has sparked discussions about the security implications of Perl's 2-argument form of open(). A broader discussion has been initiated on the perl5-porters mailing list regarding the future of 2-argument open in Perl (OSS Security).
Source: This report was generated using AI