Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.3
CVE Id CVE-2011-4114
Last Modified 08 Feb 2012 12:00:00
Published 13 Jan 2012 01:55:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4114

Summary

The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.

Vulnerable Systems

Application

  • Roderich Schupp Par-packer Module 0.63

  • Roderich Schupp Par-packer Module 0.64

  • Roderich Schupp Par-packer Module 0.65

  • Roderich Schupp Par-packer Module 0.66

  • Roderich Schupp Par-packer Module 0.67

  • Roderich Schupp Par-packer Module 0.68

  • Roderich Schupp Par-packer Module 0.69

  • Roderich Schupp Par-packer Module 0.70

  • Roderich Schupp Par-packer Module 0.71

  • Roderich Schupp Par-packer Module 0.72

  • Roderich Schupp Par-packer Module 0.73

  • Roderich Schupp Par-packer Module 0.74

  • Roderich Schupp Par-packer Module 0.75

  • Roderich Schupp Par-packer Module 0.76

  • Roderich Schupp Par-packer Module 0.77

  • Roderich Schupp Par-packer Module 0.78

  • Roderich Schupp Par-packer Module 0.79

  • Roderich Schupp Par-packer Module 0.80

  • Roderich Schupp Par-packer Module 0.81

  • Roderich Schupp Par-packer Module 0.82

  • Roderich Schupp Par-packer Module 0.83

  • Roderich Schupp Par-packer Module 0.85

  • Roderich Schupp Par-packer Module 0.86

  • Roderich Schupp Par-packer Module 0.87

  • Roderich Schupp Par-packer Module 0.88

  • Roderich Schupp Par-packer Module 0.89

  • Roderich Schupp Par-packer Module 0.90

  • Roderich Schupp Par-packer Module 0.91

  • Roderich Schupp Par-packer Module 0.92

  • Roderich Schupp Par-packer Module 0.93

  • Roderich Schupp Par-packer Module 0.94

  • Roderich Schupp Par-packer Module 0.941

  • Roderich Schupp Par-packer Module 0.942

  • Roderich Schupp Par-packer Module 0.951

  • Roderich Schupp Par-packer Module 0.952

  • Roderich Schupp Par-packer Module 0.953

  • Roderich Schupp Par-packer Module 0.954

  • Roderich Schupp Par-packer Module 0.955

  • Roderich Schupp Par-packer Module 0.956

  • Roderich Schupp Par-packer Module 0.957

  • Roderich Schupp Par-packer Module 0.958

  • Roderich Schupp Par-packer Module 0.959

  • Roderich Schupp Par-packer Module 0.960

  • Roderich Schupp Par-packer Module 0.970

  • Roderich Schupp Par-packer Module 0.973

  • Roderich Schupp Par-packer Module 0.975

  • Roderich Schupp Par-packer Module 0.976

  • Roderich Schupp Par-packer Module 0.977

  • Roderich Schupp Par-packer Module 0.978

  • Roderich Schupp Par-packer Module 0.979

  • Roderich Schupp Par-packer Module 0.980

  • Roderich Schupp Par-packer Module 0.981

  • Roderich Schupp Par-packer Module 0.982

  • Roderich Schupp Par-packer Module 0.991

  • Roderich Schupp Par-packer Module 0.992 01

  • Roderich Schupp Par-packer Module 0.992 02

  • Roderich Schupp Par-packer Module 0.992 03

  • Roderich Schupp Par-packer Module 0.992 04

  • Roderich Schupp Par-packer Module 0.992 05

  • Roderich Schupp Par-packer Module 0.992 06

  • Roderich Schupp Par-packer Module 1.000

  • Roderich Schupp Par-packer Module 1.001

  • Roderich Schupp Par-packer Module 1.002

  • Roderich Schupp Par-packer Module 1.003

  • Roderich Schupp Par-packer Module 1.004

  • Roderich Schupp Par-packer Module 1.005

  • Roderich Schupp Par-packer Module 1.006

  • Roderich Schupp Par-packer Module 1.007

  • Roderich Schupp Par-packer Module 1.008

  • Roderich Schupp Par-packer Module 1.009

  • Roderich Schupp Par-packer Module 1.010

  • Roderich Schupp Par-packer Module 1.011


References

CONFIRM - https://rt.cpan.org/Public/Bug/Display.html?id=69560

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=753955

MLIST - [oss-security] 20111104 Re: CVE request: unsafe use of /tmp in multiple CPAN modules

MLIST - [oss-security] 20111104 CVE request: unsafe use of /tmp in multiple CPAN modules

FEDORA - FEDORA-2011-16856

FEDORA - FEDORA-2011-16859


Last Updated: 27 May 2016 10:57:20