CVE-2008-5302
Published Dec 1, 2008
Last updated 6 years ago
Overview
- Description
- Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-362
Vendor comments
- Red Hat: This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB"
          },
          {
            "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:file\\:\\:path:1.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA2DEBED-F663-4F03-A7AA-601293DE48BE"
          },
          {
            "criteria": "cpe:2.3:a:perl:file\\:\\:path:2.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "768FC916-07E3-4D66-B1B7-C36B40B64F35"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]