CVE-2011-4363

Published Oct 7, 2012

Last updated 12 years ago

Overview

Description: ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 4.9
Exploitability score: 1.9
Vector string: AV:L/AC:H/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:frii:proc\\:\\:processtable:0.45:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F99BC44D-5322-411E-9B58-77BCB68E0E8D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1F3CC502-19A6-4C80-B68F-71107CE9196C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References