CVE-2016-10374

Published: 17/05/2017 Updated: 02/03/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.

Vulnerable Product

perltidy project perltidy

Vendor Advisories

Debian Bug report logs - #862667
perltidy: CVE-2016-10374
Package: perltidy; Maintainer for perltidy is Don Armstrong <don@debian.org>; Source for perltidy is src:perltidy
Affects: perlcritic, check-all-the-things
Reported by: Paul Wise <pabs@debian.org>
Date: Sat, 13 Aug 2016 07:12:02 UTC
Sever ...