Lucene search

K
osvGoogleOSV:DSA-696-1
HistoryMar 22, 2005 - 12:00 a.m.

perl - design flaw

2005-03-2200:00:00
Google
osv.dev
16

EPSS

0.001

Percentile

26.5%

Paul Szabo discovered another vulnerability in the File::Path::rmtree
function of perl, the popular scripting language. When a process is
deleting a directory tree, a different user could exploit a race
condition to create setuid binaries in this directory tree, provided
that he already had write permissions in any subdirectory of that
tree.

For the stable distribution (woody) this problem has been fixed in
version 5.6.1-8.9.

For the unstable distribution (sid) this problem has been fixed in
version 5.8.4-8.

We recommend that you upgrade your perl packages.