The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:09
Type | Values Removed | Values Added |
---|---|---|
Summary | The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier. |
Information
Published : 2012-01-13 18:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-4114
Mitre link : CVE-2011-4114
CVE.ORG link : CVE-2011-4114
JSON object : View
Products Affected
roderich_schupp
- par-packer_module
CWE
CWE-264
Permissions, Privileges, and Access Controls