Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1386

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-1999-1386
Last Modified 05 Sep 2008 04:19:23
Published 31 Dec 1999 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-1999-1386

Summary

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

Vulnerable Systems

Application

  • Larry Wall Perl 5.4.4


References

BUGTRAQ - 19980308 another /tmp race: `perl -e' opens temp file not safely

CONFIRM - http://www.redhat.com/support/errata/rh50-errata-general.html#perl

XF - perl-e-tmp-symlink(7243)


Last Updated: 27 May 2016 10:35:24