CVE-2011-5060

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
https://bugzilla.redhat.com/show_bug.cgi?id=753955	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
https://rt.cpan.org/Public/Bug/Display.html?id=69560
http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
https://bugzilla.redhat.com/show_bug.cgi?id=753955	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
https://rt.cpan.org/Public/Bug/Display.html?id=69560

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:roderich_schupp:par-packer_module::::::::
	cpe:2.3:a:roderich_schupp:par-packer_module:0.63:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.64:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.65:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.66:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.67:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.68:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.69:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.70:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.71:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.72:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.73:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.74:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.75:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.76:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.77:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.78:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.79:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.80:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.81:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.82:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.83:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.85:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.86:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.87:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.88:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.89:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.90:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.91:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.92:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.93:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.94:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.941:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.942:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.951:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.952:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.953:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.954:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.955:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.956:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.957:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.958:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.959:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.960:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.970:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.973:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.975:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.976:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.977:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.978:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.979:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.980:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.981:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.982:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.991:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_01:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_02:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_03:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_04:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_05:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_06:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:1.000:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:1.001:::::::*

History

21 Nov 2024, 01:33

Type	Values Removed	Values Added
References	~~() http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog -~~	() http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=753955 - Patch~~	() https://bugzilla.redhat.com/show_bug.cgi?id=753955 - Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/72435 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/72435 -
References	~~() https://rt.cpan.org/Public/Bug/Display.html?id=69560 -~~	() https://rt.cpan.org/Public/Bug/Display.html?id=69560 -

Information

Published : 2012-01-13 19:55

Updated : 2024-11-21 01:33

NVD link : CVE-2011-5060

Mitre link : CVE-2011-5060

CVE.ORG link : CVE-2011-5060

JSON object : View

Products Affected

roderich_schupp

par-packer_module

CWE

CWE-264

Permissions, Privileges, and Access Controls

3.3 /10