Vulnerabilities related to perl - file\
Vulnerability from fkie_nvd
Published
2008-12-01 17:30
Modified
2024-11-21 00:53
Summary
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", matchCriteriaId: "E98D2706-99B7-4153-925B-77A8CECD7CFB", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:perl:file\\:\\:path:1.08:*:*:*:*:*:*:*", matchCriteriaId: "EA2DEBED-F663-4F03-A7AA-601293DE48BE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.", }, { lang: "es", value: "Condición de carrera en la función rmtree en File::Path 1.08 (lib/File/Path.pm) en Perl 5.8.8 permite a usuarios locales borrar archivos arbitrarios a través de un ataque de enlace simbólico, una vulnerabilidad diferente a CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. NOTA: esto es un error de regresión relacionado con CVE-2005-0448. 
Es diferente a CVE-2008-5302 debido a las versiones afectadas.", }, ], id: "CVE-2008-5303", lastModified: "2024-11-21T00:53:46.777", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-12-01T17:30:01.483", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { source: "cve@mitre.org", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "cve@mitre.org", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32980", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33314", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/40052", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT4077", }, { source: "cve@mitre.org", url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1678", }, { source: "cve@mitre.org", url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, { source: "cve@mitre.org", url: 
"http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/usn-700-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/usn-700-2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32980", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33314", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/40052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT4077", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.debian.org/security/2008/dsa-1678", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-700-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-700-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.\n", lastModified: "2010-06-07T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-12-01 17:30
Modified
2024-11-21 00:53
Summary
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", matchCriteriaId: "E98D2706-99B7-4153-925B-77A8CECD7CFB", vulnerable: false, }, { criteria: "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", matchCriteriaId: "9B84C088-F29F-4498-A390-187505361962", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:perl:file\\:\\:path:1.08:*:*:*:*:*:*:*", matchCriteriaId: "EA2DEBED-F663-4F03-A7AA-601293DE48BE", vulnerable: true, }, { criteria: "cpe:2.3:a:perl:file\\:\\:path:2.07:*:*:*:*:*:*:*", matchCriteriaId: "768FC916-07E3-4D66-B1B7-C36B40B64F35", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.", }, { lang: "es", value: "Condición de carrera en la función rmtree de File::Path 1.08 y 2.07 (lib/File/Path.pm) en Perl 5.8.8 y 5.10.0 permite a usuarios locales crear binarios setuid arbitrarios a través de un ataque por enlace simbólico. Se trata de una vulnerabilidad diferente que CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. NOTA: Esto es un error de regresión relacionado con CVE-2005-0448. 
Es diferente de CVE-2008-5303 por las versiones afectadas.", }, ], id: "CVE-2008-5302", lastModified: "2024-11-21T00:53:46.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-12-01T17:30:01.453", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { source: "cve@mitre.org", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "cve@mitre.org", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32980", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33314", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/40052", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT4077", }, { source: "cve@mitre.org", url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1678", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { source: 
"cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/usn-700-1", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/usn-700-2", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32980", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33314", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/40052", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT4077", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1678", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-700-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-700-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.\n", lastModified: "2010-06-07T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", 
value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2008-5302
Vulnerability from cvelistv5
Published
2008-12-01 17:00
Modified
2024-08-07 10:49
Summary
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:49:12.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "32980", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32980", }, { name: "perl-filepath-symlink(47043)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043", }, { name: "oval:org.mitre.oval:def:6890", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { name: "DSA-1678", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1678", }, { name: "USN-700-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-700-1", }, { name: "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { name: "APPLE-SA-2010-03-29-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { name: "SUSE-SR:2009:004", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://support.apple.com/kb/HT4077", }, { name: "33314", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33314", }, { name: "20090120 rPSA-2009-0011-1 perl", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { name: "USN-700-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-700-2", }, { name: "oval:org.mitre.oval:def:11076", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { name: "40052", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/40052", }, { name: "RHSA-2010:0458", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { name: "MDVSA-2010:116", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-11-28T00:00:00", descriptions: [ { lang: "en", value: "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different 
vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "32980", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32980", }, { name: "perl-filepath-symlink(47043)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043", }, { name: "oval:org.mitre.oval:def:6890", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { name: "DSA-1678", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1678", }, { name: "USN-700-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-700-1", }, { name: "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { name: "APPLE-SA-2010-03-29-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { name: "SUSE-SR:2009:004", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT4077", }, { name: "33314", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33314", }, { name: "20090120 rPSA-2009-0011-1 perl", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { name: "USN-700-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-700-2", }, { name: "oval:org.mitre.oval:def:11076", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { name: "40052", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/40052", }, { name: "RHSA-2010:0458", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { tags: [ "x_refsource_MISC", ], url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { name: "MDVSA-2010:116", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-5302", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Race condition in the rmtree function in File::Path 1.08 
and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "32980", refsource: "SECUNIA", url: "http://secunia.com/advisories/32980", }, { name: "perl-filepath-symlink(47043)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043", }, { name: "oval:org.mitre.oval:def:6890", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890", }, { name: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", refsource: "CONFIRM", url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { name: "DSA-1678", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1678", }, { name: "USN-700-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-700-1", }, { name: "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { name: "APPLE-SA-2010-03-29-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { name: "SUSE-SR:2009:004", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { name: 
"http://support.apple.com/kb/HT4077", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT4077", }, { name: "33314", refsource: "SECUNIA", url: "http://secunia.com/advisories/33314", }, { name: "20090120 rPSA-2009-0011-1 perl", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { name: "USN-700-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-700-2", }, { name: "oval:org.mitre.oval:def:11076", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { name: "40052", refsource: "SECUNIA", url: "http://secunia.com/advisories/40052", }, { name: "RHSA-2010:0458", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { name: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", refsource: "MISC", url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { name: "MDVSA-2010:116", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-5302", datePublished: "2008-12-01T17:00:00", dateReserved: "2008-12-01T00:00:00", dateUpdated: "2024-08-07T10:49:12.540Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-5303
Vulnerability from cvelistv5
Published
2008-12-01 17:00
Modified
2024-08-07 10:49
Summary
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:49:12.751Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "32980", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32980", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { name: "DSA-1678", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1678", }, { name: "USN-700-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-700-1", }, { name: "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { name: "APPLE-SA-2010-03-29-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { name: "oval:org.mitre.oval:def:6680", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT4077", }, { name: "33314", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33314", }, { name: "oval:org.mitre.oval:def:9699", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699", }, { name: "20090120 rPSA-2009-0011-1 perl", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { name: "USN-700-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-700-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { name: "40052", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/40052", }, { name: "RHSA-2010:0458", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { name: "filepath-rmtree-symlink(47044)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { name: "MDVSA-2010:116", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-11-28T00:00:00", descriptions: [ { lang: "en", value: "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. 
It is different from CVE-2008-5302 due to affected versions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "32980", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32980", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { name: "DSA-1678", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1678", }, { name: "USN-700-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-700-1", }, { name: "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { name: "APPLE-SA-2010-03-29-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { name: "oval:org.mitre.oval:def:6680", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT4077", }, { name: "33314", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33314", }, { name: "oval:org.mitre.oval:def:9699", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699", }, { name: "20090120 
rPSA-2009-0011-1 perl", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { name: "USN-700-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-700-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { name: "40052", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/40052", }, { name: "RHSA-2010:0458", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { name: "filepath-rmtree-symlink(47044)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { tags: [ "x_refsource_MISC", ], url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { name: "MDVSA-2010:116", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-5303", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. 
It is different from CVE-2008-5302 due to affected versions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "32980", refsource: "SECUNIA", url: "http://secunia.com/advisories/32980", }, { name: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", refsource: "CONFIRM", url: "http://wiki.rpath.com/Advisories:rPSA-2009-0011", }, { name: "DSA-1678", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1678", }, { name: "USN-700-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-700-1", }, { name: "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/11/28/2", }, { name: "APPLE-SA-2010-03-29-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", }, { name: "oval:org.mitre.oval:def:6680", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", }, { name: "http://support.apple.com/kb/HT4077", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT4077", }, { name: "33314", refsource: "SECUNIA", url: "http://secunia.com/advisories/33314", }, { name: "oval:org.mitre.oval:def:9699", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699", }, { name: "20090120 rPSA-2009-0011-1 perl", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/500210/100/0/threaded", }, { name: "USN-700-2", refsource: "UBUNTU", url: 
"http://www.ubuntu.com/usn/usn-700-2", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", }, { name: "40052", refsource: "SECUNIA", url: "http://secunia.com/advisories/40052", }, { name: "RHSA-2010:0458", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2010-0458.html", }, { name: "filepath-rmtree-symlink(47044)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", refsource: "CONFIRM", url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735", }, { name: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", refsource: "MISC", url: "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", }, { name: "MDVSA-2010:116", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-5303", datePublished: "2008-12-01T17:00:00", dateReserved: "2008-12-01T00:00:00", dateUpdated: "2024-08-07T10:49:12.751Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }