CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452...

4.6CVSS9AI score0.00101EPSS

Exploits2References5

Veracode•added 2020/04/10 12:49 a.m.•23 views

Denial Of Service (DoS)

Perl is vulnerable to Denial Of Service DoS.Due to race conditions occured in the way the File::Path module's rmtree function removed directory trees, a malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permission...

6.9CVSS2AI score0.00028EPSS

Exploits2References24Affected Software1

CNVD•added 2017/06/29 12:0 a.m.•2 views

Multiple Security Bypass Vulnerabilities in File-Path Module

File-Path is a module for creating and removing directory trees. A security vulnerability exists in the 'removetree' and 'rmtree' functions in versions of the File-Path module prior to 2.13. An attacker can exploit this vulnerability to set the mode of arbitrary files...

5.9CVSS6.9AI score0.01383EPSS

Exploits0References1

OSV•added 2017/06/01 12:0 a.m.•1 views

UBUNTU-CVE-2017-6512

Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic...

5.9CVSS7.4AI score0.01383EPSS

Exploits0References5

seebug.org•added 2014/07/01 12:0 a.m.•18 views

Perl 'rmtree()' Function Local Insecure Permissions Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29902/info Computers running Perl are prone to a local vulnerability that occurs when handling symbolic links. Attackers can leverage this issue to change the permissions of arbitrary files. Perl 5.10.0 is vulnerable; oth...

7.1AI score

Exploits0

OSV•added 2008/12/01 5:30 p.m.•6 views

CVE-2008-5303

Race condition in the rmtree function in File::Path 1.08 lib/File/Path.pm in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. ...

6.1AI score

Exploits0References21

NVD•added 2008/12/01 5:30 p.m.•21 views

CVE-2008-5303

6.9CVSS6.1AI score0.00028EPSS

Exploits2References21

Prion•added 2008/12/01 5:30 p.m.•20 views

Race condition

Race condition in the rmtree function in File::Path 1.08 and 2.07 lib/File/Path.pm in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error...

6.9CVSS6.1AI score0.00101EPSS

Exploits5References22

Cvelist•added 2008/12/01 5:0 p.m.•22 views

CVE-2008-5302

7.8AI score0.00047EPSS

Exploits2References22

Debian CVE•added 2008/12/01 5:0 p.m.•44 views

CVE-2008-5302

6.9CVSS5AI score0.00047EPSS

Exploits2

seebug.org•added 2008/06/25 12:0 a.m.•33 views

Perl rmtree()函数本地不安全权限漏洞

BUGTRAQ ID: 29902 CVECAN ID: CVE-2008-2827 Perl是一种免费且功能强大的编程语言。 Perl的lib/File/Path.pm文件中的rmtree函数在执行chmod时没有正确地检查权限： my $nperm = $perm & 07777 | 0600; if $nperm != $perm and not chmod $nperm, $root if $ForceWriteable error$arg, "cannot make file writeable", $canon;...

4.6CVSS0.1AI score0.00101EPSS

Exploits2

Prion•added 2008/06/23 7:41 p.m.•21 views

Design/Logic Flaw

4.6CVSS6AI score0.00101EPSS

Exploits2References11Affected Software1