ID CVE-2004-0452
Summary Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
References
Vulnerable Configurations
  • cpe:2.3:a:larry_wall:perl:5.6.1
    cpe:2.3:a:larry_wall:perl:5.6.1
  • cpe:2.3:a:larry_wall:perl:5.8.4
    cpe:2.3:a:larry_wall:perl:5.8.4
CVSS
Base: 2.6 (as of 15-06-2005 - 10:50)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
oval via4
accepted 2013-04-29T04:23:28.128-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
family unix
id oval:org.mitre.oval:def:9938
status accepted
submitted 2010-07-09T03:56:16-04:00
title Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
version 15
redhat via4
advisories
  • rhsa
    id RHSA-2005:103
  • rhsa
    id RHSA-2005:105
rpms
  • perl-suidperl-3:5.8.5-12.1.1
  • perl-3:5.8.5-12.1
  • perl-CGI-2:2.81-89.10
  • perl-DB_File-2:1.804-89.10
  • perl-suidperl-2:5.8.0-89.10
  • perl-CPAN-2:1.61-89.10
  • perl-2:5.8.0-89.10
refmap via4
bid 12072
bugtraq 20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)
debian DSA-620
fedora FLSA-2006:152845
gentoo GLSA-200501-38
secunia
  • 12991
  • 18517
  • 55314
sgi 20060101-01-U
ubuntu USN-44-1
xf perl-filepathrmtree-insecure-permissions(18650)
Last major update 07-12-2016 - 21:59
Published 21-12-2004 - 00:00
Last modified 10-07-2017 - 21:30
Back to Top