Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2827

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-2827
Last Modified 25 Nov 2008 01:42:14
Published 23 Jun 2008 03:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2827

Summary

The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.

Vulnerable Systems

Application

  • Perl 5.10


References

FEDORA - FEDORA-2008-5739

XF - perl-filepath-rmtree-symlink(43308)

SECTRACK - 1020373

BID - 29902

MANDRIVA - MDVSA-2008:165

SECUNIA - 31687

SECUNIA - 30837

SECUNIA - 30790

MISC - http://rt.cpan.org/Public/Bug/Display.html?id=36982

SUSE - SUSE-SR:2008:017

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319


Last Updated: 27 May 2016 10:48:00