Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.6
CVSSv2

CVE-2012-2451

Published: 27/06/2012 Updated: 29/08/2017
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Subscribe to Config-inifiles

Vulnerability Summary

The Config::IniFiles module prior to 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.

Vulnerable Product Search on Vulmon Subscribe to Product

shlomi fish config-inifiles

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2012-2451: CWE-377 Insecure Temporary File
Debian Bug report logs - #671255 CVE-2012-2451: CWE-377 Insecure Temporary File Package: libconfig-inifiles-perl; Maintainer for libconfig-inifiles-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Source for libconfig-inifiles-perl is src:libconfig-inifiles-perl (PTS, buildd, popcon) Reported by: Hen ...
Ubuntu Security Notice: libconfig-inifiles-perl vulnerability
Config-IniFiles could be made to overwrite arbitrary files ...

References

NVD-CWE-Otherhttp://www.openwall.com/lists/oss-security/2012/05/02/6http://www.osvdb.org/81671http://secunia.com/advisories/48990https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59https://bugzilla.redhat.com/show_bug.cgi?id=818386http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.htmlhttp://www.securityfocus.com/bid/53361http://www.ubuntu.com/usn/USN-1543-1https://exchange.xforce.ibmcloud.com/vulnerabilities/75328https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671255https://usn.ubuntu.com/1543-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook