Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.9
CVSSv2

CVE-2008-5302

Published: 01/12/2008 Updated: 11/10/2018
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Perl

Vulnerability Summary

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

Vulnerable Product Search on Vulmon Subscribe to Product

perl file\\ \\

Vendor Advisories

Ubuntu Security Notice: libarchive-tar-perl, perl vulnerabilities
Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files (CVE-2007-4829) ...
Ubuntu Security Notice: perl regression
USN-700-1 fixed vulnerabilities in Perl Due to problems with the Ubuntu 804 build, some Perl ph files were missing from the resulting update This update fixes the problem We apologize for the inconvenience ...

References

CWE-362http://www.gossamer-threads.com/lists/perl/porters/233695#233695http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905http://www.openwall.com/lists/oss-security/2008/11/28/2http://www.debian.org/security/2008/dsa-1678http://secunia.com/advisories/33314http://www.ubuntu.com/usn/usn-700-1http://wiki.rpath.com/Advisories:rPSA-2009-0011http://www.ubuntu.com/usn/usn-700-2http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlhttp://secunia.com/advisories/32980http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://support.apple.com/kb/HT4077http://secunia.com/advisories/40052http://www.mandriva.com/security/advisories?name=MDVSA-2010:116http://www.redhat.com/support/errata/RHSA-2010-0458.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705https://exchange.xforce.ibmcloud.com/vulnerabilities/47043https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076http://www.securityfocus.com/archive/1/500210/100/0/threadedhttps://nvd.nist.govhttps://usn.ubuntu.com/700-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook