- Description
- Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-362
- Hype score
- Not currently trending
- Red HatThis issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:perl:file\\:\\:path:1.08:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA2DEBED-F663-4F03-A7AA-601293DE48BE"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]