LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

perl: privilege escalation

Package(s):perl CVE #(s):CVE-2008-5302 CVE-2008-5303 CVE-2005-0448 CVE-2004-0452
Created:December 3, 2008 Updated:June 14, 2010
Description:

From the Debian advisory:

Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.

Alerts:
Mandriva MDVSA-2010:116 2010-06-11
CentOS CESA-2010:0458 2010-06-12
Red Hat RHSA-2010:0458-02 2010-06-07
SuSE SUSE-SR:2009:004 2009-02-17
Ubuntu USN-700-1 2008-12-24
Debian DSA-1678-2 2008-12-21
rPath rPSA-2009-0011-1 2009-01-20
Debian DSA-1678-1 2008-12-03
Ubuntu USN-700-2 2009-01-15
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds