PT-2006-3774 · Activestate · Activeperl

Publicado

2006-06-06

Atualizado

2017-07-20

CVE-2006-2856

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ActiveState ActivePerl version 5.8.8.817 for Windows

Description The issue allows local users to gain privileges by creating a malicious sitecustomize.pl file in the site/lib directory, due to the directory being configured with "Users" group permissions for changing files.

Recommendations For ActiveState ActivePerl version 5.8.8.817 for Windows, consider restricting write access to the site/lib directory to prevent local users from creating malicious files, such as sitecustomize.pl, until a proper fix is applied.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-2856

Produtos afetados

Activeperl

PT-2006-3774 · Activestate · Activeperl

CVE-2006-2856

Identificadores relacionados

Produtos afetados

Referências · 6