Perl vulnerability

2005-03-09T00:00:00
ID USN-94-1
Type ubuntu
Reporter Ubuntu
Modified 2005-03-09T00:00:00

Description

Paul Szabo discovered another vulnerability in the rmtree() function
in File::Path.pm. While a process running as root (or another user)
was busy deleting a directory tree, a different user could exploit a
race condition to create setuid binaries in this directory tree,
provided that he already had write permissions in any subdirectory of
that tree.