[email protected]CVE-2008-2827

HistoryJun 23, 2008 - 7:41 p.m.

CVE-2008-2827

2008-06-2319:41:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-2827

perl 5.10

rmtree function

file permissions

symlink attack

vulnerability

5.8 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.0%

JSON

The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.

CPENameOperatorVersion
perl:perlperleq5.10

CPE	Name	Operator	Version
perl:perl	perl	eq	5.10

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319

lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

rt.cpan.org/Public/Bug/Display.html?id=36982

secunia.com/advisories/30790

secunia.com/advisories/30837

secunia.com/advisories/31687

www.mandriva.com/security/advisories?name=MDVSA-2008:165

www.securityfocus.com/bid/29902

www.securitytracker.com/id?1020373

exchange.xforce.ibmcloud.com/vulnerabilities/43308

www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html

5.8 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2008-2827

debiancve5 prion3 ubuntucve5 openvas30 cve4 fedora3 nessus21 seebug1 osv3 gentoo1 securityvulns2 debian5 ubuntu2 freebsd3 redhat4 centos2 oraclelinux1