1.2
CVSSv2

CVE-2005-0448

Published: 02/05/2005 Updated: 03/10/2018
CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9
VMScore: 107
Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Race condition in the rmtree function in File::Path.pm in Perl prior to 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.

Affected Products

Vendor Product Versions
Larry WallPerl5.8.0, 5.8.1, 5.8.3, 5.8.4

Vendor Advisories

Synopsis perl security update Type/Severity Security Advisory: Low Topic Updated Perl packages that fix security issues and contain several bugfixes are now available for Red Hat Enterprise Linux 4This update has been rated as having low security impact by the Red HatSecurity Response Team Descri ...
Synopsis perl security update Type/Severity Security Advisory: Moderate Topic Updated Perl packages that fix security issues and bugs are now availablefor Red Hat Enterprise Linux 3This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...
Paul Szabo discovered another vulnerability in the rmtree() function in File::Pathpm While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree ...
Debian Bug report logs - #487319 perl-modules: File::Path::rmtree sets symlink target permissions to 0777 Package: perl-modules; Maintainer for perl-modules is Niko Tyni <ntyni@debianorg>; Source for perl-modules is src:perl (PTS, buildd, popcon) Reported by: Ben Hutchings <ben@decadentorguk> Date: Fri, 20 Jun 200 ...
Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree For th ...