what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2008-5302

Status Candidate

Overview

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

Related Files

Gentoo Linux Security Advisory 201311-17
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-17 - Multiple vulnerabilities were found in Perl, the worst of which could allow a local attacker to cause a Denial of Service condition. Versions less than 5.12.3-r1 are affected.

tags | advisory, denial of service, local, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5302, CVE-2008-5303, CVE-2010-1158, CVE-2011-0761, CVE-2011-1487
SHA-256 | 17bc7911b1233ec593e55fce4bd6168ee82f0df54d00136756cc65e61e2a42aa
Mandriva Linux Security Advisory 2010-116
Posted Jun 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-116 - Multiple vulnerabilities has been discovered and corrected in Path.pm and Safe.pm which could lead to escalated privilegies. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-5302, CVE-2008-5303, CVE-2010-1168, CVE-2010-1447
SHA-256 | 278ee32972da2900f2577f8e89442cf702bae4ae30d56a75844b8ed4546a7c97
Ubuntu Security Notice 700-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-700-1 - Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue.

tags | advisory, remote, denial of service, arbitrary, local, perl
systems | linux, ubuntu
advisories | CVE-2007-4829, CVE-2008-1927, CVE-2008-5302, CVE-2008-5303
SHA-256 | 4cd9f58b06577565cb8d0f6645a1ecaf732d9f924f3c0b72bfd28ab955c3a7a4
Debian Linux Security Advisory 1678-2
Posted Dec 30, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1678-2 - The perl update in DSA-1678-1 contains a regression which is triggered by some Perl scripts which have changed into the directory tree removed by File::Path::rmtree. In particular, this happens if File::Temp::tempdir is used. This new update corrects this regression.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2008-5302, CVE-2008-5303
SHA-256 | 7a6ee91b53e6aa6c99a93729bd44c00a32faf2e6b49baa69e2c88266c1e40521
Debian Linux Security Advisory 1678-1
Posted Dec 4, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1678-1 - Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.

tags | advisory, arbitrary, perl
systems | linux, debian
advisories | CVE-2008-5302, CVE-2008-5303
SHA-256 | 3b0a9ceaca5082cebcdc0a65405e3400807ad506649cb0176587ffa4442d6cb4
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close