Lucene search
MitreCVELIST:CVE-2016-10374HistoryOct 03, 2022 - 4:16 p.m.
CVE-2016-10374
2022-10-0316:16:39
mitre
www.cve.org
perltidy
vulnerability
local users
overwrite
arbitrary files
symlink
symlink attack
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.
References
Related
ubuntucve
ubuntucve
CVE-2016-10374
2017-05-17 00:00:00
prion
prion
Code injection
2017-05-17 19:29:00
nessus
nessus
RHEL 7 : perltidy (Unpatched Vulnerability)
2024-05-11 00:00:00
Fedora 24 : perltidy (2017-1f11501a9f)
2017-06-13 00:00:00
Fedora 25 : perltidy (2017-a3c7d077c7)
2017-06-12 00:00:00
openvas
openvas
Fedora Update for perltidy FEDORA-2017-1f11501a9f
2017-06-13 00:00:00
Mageia: Security Advisory (MGASA-2017-0301)
2022-01-28 00:00:00
Fedora Update for perltidy FEDORA-2017-a3c7d077c7
2017-06-13 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: perltidy-20170521-1.fc25
2017-06-11 23:33:20
[SECURITY] Fedora 26 Update: perltidy-20170521-1.fc26
2017-06-09 19:53:54
[SECURITY] Fedora 24 Update: perltidy-20170521-1.fc24
2017-06-11 21:52:02
debiancve
debiancve
CVE-2016-10374
2022-10-03 16:16:39
mageia
mageia
Updated perltidy packages fix security vulnerability
2017-08-25 00:18:23
cve
cve
CVE-2016-10374
2022-10-03 16:16:39
redhatcve
redhatcve
CVE-2016-10374
2017-05-18 09:21:53
nvd
nvd
CVE-2016-10374
2017-05-17 19:29:00