Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2451

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2012-2451
Last Modified 06 Nov 2012 12:11:55
Published 27 Jun 2012 05:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-2451

Summary

The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.

Vulnerable Systems

Application

  • Shlomi Fish Config-inifiles 2.70


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=818386

CONFIRM - https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59

OSVDB - 81671

MLIST - [oss-security] 20120502 temporary file issue in Config::IniFiles Config-IniFiles perl-Config-IniFiles

SECUNIA - 48990

FEDORA - FEDORA-2012-7763

FEDORA - FEDORA-2012-7777

FEDORA - FEDORA-2012-7802

XF - config-inifiles-symlink(75328)

BID - 53361

UBUNTU - USN-1543-1


Last Updated: 27 May 2016 10:56:36