CVE-2011-4114

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-4114
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.

3.3 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html Patch
http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://bugzilla.redhat.com/show_bug.cgi?id=753955 Patch
https://rt.cpan.org/Public/Bug/Display.html?id=69560
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:roderich_schupp:par-packer_module:*:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.63:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.64:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.65:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.66:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.67:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.68:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.69:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.70:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.71:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.72:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.73:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.74:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.75:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.76:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.77:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.78:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.79:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.80:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.81:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.82:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.83:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.85:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.86:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.87:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.88:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.89:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.90:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.91:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.92:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.93:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.94:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.941:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.942:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.951:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.952:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.953:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.954:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.955:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.956:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.957:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.958:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.959:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.960:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.970:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.973:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.975:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.976:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.977:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.978:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.979:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.980:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.981:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.982:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.991:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_01:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_02:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_03:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_04:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_05:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_06:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.000:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.001:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.002:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.003:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.004:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.005:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.006:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.007:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.008:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.009:*:*:*:*:*:*:*
cpe:2.3:a:roderich_schupp:par-packer_module:1.010:*:*:*:*:*:*:*
History

07 Nov 2023, 02:09

Type Values Removed Values Added
Summary The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier. The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
Information

Published : 2012-01-13 18:55

Updated : 2024-02-28 11:41

NVD link : CVE-2011-4114

Mitre link : CVE-2011-4114

CVE.ORG link : CVE-2011-4114

JSON object : View

Products Affected

roderich_schupp

  • par-packer_module
CWE
CWE-264

Permissions, Privileges, and Access Controls