PT-2004-1578 · Perl+1 · Perl+1

Paul Szabo

Publicado

2004-12-21

Atualizado

2017-10-11

CVE-2004-0452

CVSS v2.0

2.6

Baixa

Vetor

AV:L/AC:H/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Perl versions 5.6.1 through 5.8.4

Description The issue is related to a race condition in the rmtree function within the File::Path module. This condition allows local users to potentially delete arbitrary files and directories, and possibly read files and directories, by exploiting a symlink attack.

Recommendations For versions 5.6.1 through 5.8.4, consider applying configuration changes to restrict file and directory access until a patch is available. As a temporary workaround, restrict the use of the rmtree function in the File::Path module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-0452

DSA-1678-1

DSA-620-1

RHSA-2005:103

RHSA-2005:105

RHSA-2005_103

RHSA-2005_105

Produtos afetados

Perl

Red Hat

PT-2004-1578 · Perl+1 · Perl+1

CVE-2004-0452

Identificadores relacionados

Produtos afetados

Referências · 25