Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24208

HistoryApr 10, 2020 - 12:49 a.m.

Denial Of Service (DoS)

2020-04-1000:49:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

Perl is vulnerable to Denial Of Service (DoS). Due to race conditions occured in the way the File::Path module’s rmtree function removed directory trees, a malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permissions of arbitrary files to be changed to world-writable and setuid, or delete arbitrary files via a symbolic link attack, if the victim had the privileges to change the permissions of the target files or to remove them.

CPENameOperatorVersion
perleq5.8.8__10.el5_2.3
perleq5.8.8__15.el5_2.1
perleq5.8.8__18.el5
perleq5.8.8__18.el5_3.1
perleq5.8.8__10.el5_0.2
perleq5.8.8__27.el5
perleq5.8.8__10.el5_2.3
perleq5.8.8__15.el5_2.1
perleq5.8.8__18.el5
perleq5.8.8__18.el5_3.1

Rows per page:

1-10 of 121

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905

bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36

cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

secunia.com/advisories/32980

secunia.com/advisories/33314

secunia.com/advisories/40052

support.apple.com/kb/HT4077

wiki.rpath.com/Advisories:rPSA-2009-0011

www.debian.org/security/2008/dsa-1678

www.gossamer-threads.com/lists/perl/porters/233695#233695

www.mandriva.com/security/advisories?name=MDVSA-2010:116

www.openwall.com/lists/oss-security/2008/11/28/2

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2010-0458.html

www.securityfocus.com/archive/1/500210/100/0/threaded

www.ubuntu.com/usn/usn-700-1

www.ubuntu.com/usn/usn-700-2

access.redhat.com/errata/RHSA-2010:0458

exchange.xforce.ibmcloud.com/vulnerabilities/47043

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

Related for VERACODE:24208

nessus14 openvas24 debian2 ubuntu2 securityvulns2 centos1 redhat1 gentoo1 debiancve2 prion2 cve2 oraclelinux1 ubuntucve2 seebug1 vmware2 threatpost1