Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-5302
HistoryDec 01, 2008 - 12:00 a.m.

CVE-2008-5302

2008-12-0100:00:00
ubuntu.com
ubuntu.com
13

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

26.5%

Race condition in the rmtree function in File::Path 1.08 and 2.07
(lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create
arbitrary setuid binaries via a symlink attack, a different vulnerability
than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a
regression error related to CVE-2005-0448. It is different from
CVE-2008-5303 due to affected versions.

OSVersionArchitecturePackageVersionFilename
ubuntu7.10noarchperl<ย 5.8.8-7ubuntu3.4UNKNOWN
ubuntu8.04noarchperl<ย 5.8.8-12ubuntu0.3UNKNOWN
ubuntu8.10noarchperl<ย 5.10.0-11.1ubuntu2.2UNKNOWN

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

26.5%