Lucene search

[email protected]NVD:CVE-2011-4114

HistoryJan 13, 2012 - 6:55 p.m.

CVE-2011-4114

2012-01-1318:55:03

CWE-264

[email protected]

web.nvd.nist.gov

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.

Affected configurations

NVD

Node

roderich_schupppar-packer_moduleRange≤1.011

roderich_schupppar-packer_moduleMatch0.63

roderich_schupppar-packer_moduleMatch0.64

roderich_schupppar-packer_moduleMatch0.65

roderich_schupppar-packer_moduleMatch0.66

roderich_schupppar-packer_moduleMatch0.67

roderich_schupppar-packer_moduleMatch0.68

roderich_schupppar-packer_moduleMatch0.69

roderich_schupppar-packer_moduleMatch0.70

roderich_schupppar-packer_moduleMatch0.71

roderich_schupppar-packer_moduleMatch0.72

roderich_schupppar-packer_moduleMatch0.73

roderich_schupppar-packer_moduleMatch0.74

roderich_schupppar-packer_moduleMatch0.75

roderich_schupppar-packer_moduleMatch0.76

roderich_schupppar-packer_moduleMatch0.77

roderich_schupppar-packer_moduleMatch0.78

roderich_schupppar-packer_moduleMatch0.79

roderich_schupppar-packer_moduleMatch0.80

roderich_schupppar-packer_moduleMatch0.81

roderich_schupppar-packer_moduleMatch0.82

roderich_schupppar-packer_moduleMatch0.83

roderich_schupppar-packer_moduleMatch0.85

roderich_schupppar-packer_moduleMatch0.86

roderich_schupppar-packer_moduleMatch0.87

roderich_schupppar-packer_moduleMatch0.88

roderich_schupppar-packer_moduleMatch0.89

roderich_schupppar-packer_moduleMatch0.90

roderich_schupppar-packer_moduleMatch0.91

roderich_schupppar-packer_moduleMatch0.92

roderich_schupppar-packer_moduleMatch0.93

roderich_schupppar-packer_moduleMatch0.94

roderich_schupppar-packer_moduleMatch0.941

roderich_schupppar-packer_moduleMatch0.942

roderich_schupppar-packer_moduleMatch0.951

roderich_schupppar-packer_moduleMatch0.952

roderich_schupppar-packer_moduleMatch0.953

roderich_schupppar-packer_moduleMatch0.954

roderich_schupppar-packer_moduleMatch0.955

roderich_schupppar-packer_moduleMatch0.956

roderich_schupppar-packer_moduleMatch0.957

roderich_schupppar-packer_moduleMatch0.958

roderich_schupppar-packer_moduleMatch0.959

roderich_schupppar-packer_moduleMatch0.960

roderich_schupppar-packer_moduleMatch0.970

roderich_schupppar-packer_moduleMatch0.973

roderich_schupppar-packer_moduleMatch0.975

roderich_schupppar-packer_moduleMatch0.976

roderich_schupppar-packer_moduleMatch0.977

roderich_schupppar-packer_moduleMatch0.978

roderich_schupppar-packer_moduleMatch0.979

roderich_schupppar-packer_moduleMatch0.980

roderich_schupppar-packer_moduleMatch0.981

roderich_schupppar-packer_moduleMatch0.982

roderich_schupppar-packer_moduleMatch0.991

roderich_schupppar-packer_moduleMatch0.992_01

roderich_schupppar-packer_moduleMatch0.992_02

roderich_schupppar-packer_moduleMatch0.992_03

roderich_schupppar-packer_moduleMatch0.992_04

roderich_schupppar-packer_moduleMatch0.992_05

roderich_schupppar-packer_moduleMatch0.992_06

roderich_schupppar-packer_moduleMatch1.000

roderich_schupppar-packer_moduleMatch1.001

roderich_schupppar-packer_moduleMatch1.002

roderich_schupppar-packer_moduleMatch1.003

roderich_schupppar-packer_moduleMatch1.004

roderich_schupppar-packer_moduleMatch1.005

roderich_schupppar-packer_moduleMatch1.006

roderich_schupppar-packer_moduleMatch1.007

roderich_schupppar-packer_moduleMatch1.008

roderich_schupppar-packer_moduleMatch1.009

roderich_schupppar-packer_moduleMatch1.010

References

lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html

lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html

www.openwall.com/lists/oss-security/2011/11/04/2

www.openwall.com/lists/oss-security/2011/11/04/4

bugzilla.redhat.com/show_bug.cgi?id=753955

rt.cpan.org/Public/Bug/Display.html?id=69560

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2011-4114

nessus2 openvas12 prion2 fedora4 debiancve2 cvelist2 cve2 ubuntucve2 nvd1