- Description
- Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-362
- Red Hat: This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:file\\:\\:path:1.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA2DEBED-F663-4F03-A7AA-601293DE48BE"
          },
          {
            "criteria": "cpe:2.3:a:perl:file\\:\\:path:2.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "768FC916-07E3-4D66-B1B7-C36B40B64F35"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]