Race Condition in Perl's File::Path Function Affects Local Users
CVE-2008-5302

Currently unrated

Key Information:

Vendor: Perl
Status: File\
Vendor: CVE Published:; 1 December 2008

What is CVE-2008-5302?

A race condition exists in the rmtree function of Perl's File::Path module versions 1.08 and 2.07, which enables local users to conduct symlink attacks resulting in the creation of arbitrary setuid binaries. This vulnerability represents a regression tied to prior issues in CVE-2005-0448 and is distinct from other related vulnerabilities due to the specific versions of Perl and File::Path affected.

References

http://secunia.com/advisories/32980

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/47043

vdb-entryx_refsource_XF

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2008
Vulnerability Reserved
Dec 1, 2008