ID CVE-2008-5302
Summary Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
References
Vulnerable Configurations
  • Perl 5.8.8
    cpe:2.3:a:perl:perl:5.8.8
  • Perl 5.10.0
    cpe:2.3:a:perl:perl:5.10.0
  • cpe:2.3:a:perl:file%3a%3apath:1.08
    cpe:2.3:a:perl:file%3a%3apath:1.08
  • cpe:2.3:a:perl:file%3a%3apath:2.07
    cpe:2.3:a:perl:file%3a%3apath:2.07
CVSS
Base: 6.9 (as of 02-12-2008 - 14:29)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0458.NASL
    description Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments. The File::Path module allows users to create and remove directory trees. The Safe module did not properly restrict the code of implicitly called methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe when such objects were accessed or destroyed. A specially crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions. (CVE-2010-1168) The Safe module did not properly restrict code compiled in a Safe compartment and executed out of the compartment via a subroutine reference returned as a result of unsafe code evaluation. A specially crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions, if the returned subroutine reference was called from outside of the compartment. (CVE-2010-1447) Multiple race conditions were found in the way the File::Path module's rmtree function removed directory trees. A malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permissions of arbitrary files to be changed to world-writable and setuid, or delete arbitrary files via a symbolic link attack, if the victim had the privileges to change the permissions of the target files or to remove them. (CVE-2008-5302, CVE-2008-5303) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton as the original reporter of CVE-2010-1168, and Tim Bunce and Rafael Garcia-Suarez as the original reporters of CVE-2010-1447. These packages upgrade the Safe extension module to version 2.27. Refer to the Safe module's Changes file, linked to in the References, for a full list of changes. Users of perl are advised to upgrade to these updated packages, which correct these issues. All applications using the Safe or File::Path modules must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-12-20
    plugin id 46834
    published 2010-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46834
    title RHEL 5 : perl (RHSA-2010:0458)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-116.NASL
    description Multiple vulnerabilities has been discovered and corrected in Path.pm and Safe.pm which could lead to escalated privilegies (CVE-2008-5302, CVE-2008-5303, CVE-2010-1168, CVE-2010-1447). The updated packages have been patched to correct these issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 46878
    published 2010-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46878
    title Mandriva Linux Security Advisory : perl (MDVSA-2010:116)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201311-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-201311-17 (Perl: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact : A local attacker could cause a Denial of Service condition or perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. A context-dependent attacker could cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 71119
    published 2013-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71119
    title GLSA-201311-17 : Perl: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1678.NASL
    description Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 35031
    published 2008-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35031
    title Debian DSA-1678-1 : perl - design flaws
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_PERL-090128.NASL
    description This perl update fixes a race condition in rmtree. (CVE-2008-5302)
    last seen 2018-09-02
    modified 2014-06-13
    plugin id 40295
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40295
    title openSUSE Security Update : perl (perl-482)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0458.NASL
    description Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments. The File::Path module allows users to create and remove directory trees. The Safe module did not properly restrict the code of implicitly called methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe when such objects were accessed or destroyed. A specially crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions. (CVE-2010-1168) The Safe module did not properly restrict code compiled in a Safe compartment and executed out of the compartment via a subroutine reference returned as a result of unsafe code evaluation. A specially crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions, if the returned subroutine reference was called from outside of the compartment. (CVE-2010-1447) Multiple race conditions were found in the way the File::Path module's rmtree function removed directory trees. A malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permissions of arbitrary files to be changed to world-writable and setuid, or delete arbitrary files via a symbolic link attack, if the victim had the privileges to change the permissions of the target files or to remove them. (CVE-2008-5302, CVE-2008-5303) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton as the original reporter of CVE-2010-1168, and Tim Bunce and Rafael Garcia-Suarez as the original reporters of CVE-2010-1447. These packages upgrade the Safe extension module to version 2.27. Refer to the Safe module's Changes file, linked to in the References, for a full list of changes. Users of perl are advised to upgrade to these updated packages, which correct these issues. All applications using the Safe or File::Path modules must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 46874
    published 2010-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46874
    title CentOS 5 : perl (CESA-2010:0458)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-700-2.NASL
    description USN-700-1 fixed vulnerabilities in Perl. Due to problems with the Ubuntu 8.04 build, some Perl .ph files were missing from the resulting update. This update fixes the problem. We apologize for the inconvenience. Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. (CVE-2007-4829) Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. (CVE-2008-1927) A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. (CVE-2008-5302) A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue. (CVE-2008-5303). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 37746
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37746
    title Ubuntu 8.04 LTS : perl regression (USN-700-2)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100607_PERL_ON_SL5_X.NASL
    description Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments. The File::Path module allows users to create and remove directory trees. The Safe module did not properly restrict the code of implicitly called methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe when such objects were accessed or destroyed. A specially crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions. (CVE-2010-1168) The Safe module did not properly restrict code compiled in a Safe compartment and executed out of the compartment via a subroutine reference returned as a result of unsafe code evaluation. A specially crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions, if the returned subroutine reference was called from outside of the compartment. (CVE-2010-1447) Multiple race conditions were found in the way the File::Path module's rmtree function removed directory trees. A malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permissions of arbitrary files to be changed to world-writable and setuid, or delete arbitrary files via a symbolic link attack, if the victim had the privileges to change the permissions of the target files or to remove them. (CVE-2008-5302, CVE-2008-5303) These packages upgrade the Safe extension module to version 2.27. Refer to the Safe module's Changes file at the following link for a full list of changes. http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes All applications using the Safe or File::Path modules must be restarted for this update to take effect. NOTE: SL 50-52 x86_64 releases originally had a perl.i386 package. It was taken out of the x86_64 SL5 distribution and is not part of this security update. If you have one of these earlier SL5 x86_64 distributions and your perl update does not work due to conflicts, you should do a 'yum remove perl.i386' before doing your update on these earlier SL 5 x86_64 releases.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60801
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60801
    title Scientific Linux Security Update : perl on SL5.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-700-1.NASL
    description Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. (CVE-2007-4829) Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. (CVE-2008-1927) A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. (CVE-2008-5302) A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue. (CVE-2008-5303). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 37888
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37888
    title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libarchive-tar-perl, perl vulnerabilities (USN-700-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2010-002.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-002 applied. This security update contains fixes for the following products : - AppKit - Application Firewall - AFP Server - Apache - ClamAV - CoreTypes - CUPS - curl - Cyrus IMAP - Cyrus SASL - Disk Images - Directory Services - Event Monitor - FreeRADIUS - FTP Server - iChat Server - Image RAW - Libsystem - Mail - Mailman - OS Services - Password Server - perl - PHP - PS Normalizer - Ruby - Server Admin - SMB - Tomcat - unzip - vim - Wiki Server - X11 - xar
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 45373
    published 2010-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45373
    title Mac OS X Multiple Vulnerabilities (Security Update 2010-002)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_PERL-090128.NASL
    description This perl update fixes a race condition in rmtree. (CVE-2008-5302)
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 40105
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40105
    title openSUSE Security Update : perl (perl-482)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0458.NASL
    description From Red Hat Security Advisory 2010:0458 : Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments. The File::Path module allows users to create and remove directory trees. The Safe module did not properly restrict the code of implicitly called methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe when such objects were accessed or destroyed. A specially crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions. (CVE-2010-1168) The Safe module did not properly restrict code compiled in a Safe compartment and executed out of the compartment via a subroutine reference returned as a result of unsafe code evaluation. A specially crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions, if the returned subroutine reference was called from outside of the compartment. (CVE-2010-1447) Multiple race conditions were found in the way the File::Path module's rmtree function removed directory trees. A malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permissions of arbitrary files to be changed to world-writable and setuid, or delete arbitrary files via a symbolic link attack, if the victim had the privileges to change the permissions of the target files or to remove them. (CVE-2008-5302, CVE-2008-5303) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton as the original reporter of CVE-2010-1168, and Tim Bunce and Rafael Garcia-Suarez as the original reporters of CVE-2010-1447. These packages upgrade the Safe extension module to version 2.27. Refer to the Safe module's Changes file, linked to in the References, for a full list of changes. Users of perl are advised to upgrade to these updated packages, which correct these issues. All applications using the Safe or File::Path modules must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 68048
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68048
    title Oracle Linux 5 : perl (ELSA-2010-0458)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0013.NASL
    description a. Service Console update for cpio The service console package cpio is updated to version 2.5-6.RHEL3 for ESX 3.x versions and updated to version 2.6-23.el5_4.1 for ESX 4.x versions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-4268 and CVE-2010-0624 to the issues addressed in the update for ESX 3.x and the names CVE-2007-4476 and CVE-2010-0624 to the issues addressed in the update for ESX 4.x. b. Service Console update for tar The service console package tar is updated to version 1.13.25-16.RHEL3 for ESX 3.x versions and updated to version 1.15.1-23.0.1.el5_4.2 for ESX 4.x versions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0624 to the issue addressed in the update for ESX 3.x and the names CVE-2007-4476 and CVE-2010-0624 to the issues addressed in the update for ESX 4.x. c. Service Console update for samba The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2063 to the issue addressed in this update. Note : The issue mentioned above is present in the Samba server (smbd) and is not present in the Samba client or Samba common packages. To determine if your system has Samba server installed do a 'rpm -q samba`. The following lists when the Samba server is installed on the ESX service console : - ESX 4.0, ESX 4.1 The Samba server is not present on ESX 4.0 and ESX 4.1. - ESX 3.5 The Samba server is present if an earlier patch for Samba has been installed. - ESX 3.0.3 The Samba server is present if ESX 3.0.3 was upgraded from an earlier version of ESX 3 and a Samba patch was installed on that version. The Samba server is not needed to operate the service console and can be be disabled without loss of functionality to the service console. d. Service Console update for krb5 The service console package krb5 is updated to version 1.2.7-72 for ESX 3.x versions and to version 1.6.1-36.el5_5.4 for ESX 4.x versions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1321 to the issue addressed in these updates. e. Service Console update for perl The service console package perl is updated to version 5.8.0-101.EL3 for ESX 3.x versions and version 5.8.8-32.el5_5.1 for ESX 4.x versions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1168 and CVE-2010-1447 to the issues addressed in the update for ESX 3.x and the names CVE-2008-5302, CVE-2008-5303, CVE-2010-1168, and CVE-2010-1447 to the issues addressed in the update for ESX 4.x.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 49085
    published 2010-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49085
    title VMSA-2010-0013 : VMware ESX third-party updates for Service Console
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0013_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - GNU cpio - GNU cpio on 64-bit - GNU tar - Kerberos 5 - Perl - PostgreSQL - Safe Module for Perl Automagic Methods - Samba smbd
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 89741
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89741
    title VMware ESX Multiple Vulnerabilities (VMSA-2010-0013) (remote check)
oval via4
  • accepted 2013-04-29T04:11:18.738-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
    family unix
    id oval:org.mitre.oval:def:11076
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
    version 18
  • accepted 2014-01-20T04:01:30.072-05:00
    class vulnerability
    contributors
    • name Varun
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
    family unix
    id oval:org.mitre.oval:def:6890
    status accepted
    submitted 2010-10-01T16:37:39.000-05:00
    title VMware ESX,Service Console update for perl.
    version 7
redhat via4
advisories
rhsa
id RHSA-2010:0458
rpms
  • perl-4:5.8.8-32.el5_5.1
  • perl-suidperl-4:5.8.8-32.el5_5.1
refmap via4
apple APPLE-SA-2010-03-29-1
bugtraq 20090120 rPSA-2009-0011-1 perl
confirm
debian DSA-1678
mandriva MDVSA-2010:116
misc http://www.gossamer-threads.com/lists/perl/porters/233695#233695
mlist [oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark
secunia
  • 32980
  • 33314
  • 40052
suse SUSE-SR:2009:004
ubuntu
  • USN-700-1
  • USN-700-2
xf perl-filepath-symlink(47043)
statements via4
contributor Tomas Hoger
lastmodified 2010-06-07
organization Red Hat
statement This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.
Last major update 07-12-2016 - 22:01
Published 01-12-2008 - 12:30
Last modified 11-10-2018 - 16:54
Back to Top