PT-2004-1578 · Perl+1 · Perl+1

Paul Szabo

Published

2004-12-21

Updated

2017-10-11

CVE-2004-0452

CVSS v2.0

2.6

Low

Vector

AV:L/AC:H/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Perl versions 5.6.1 through 5.8.4

Description The issue is related to a race condition in the rmtree function within the File::Path module. This condition allows local users to potentially delete arbitrary files and directories, and possibly read files and directories, by exploiting a symlink attack.

Recommendations For versions 5.6.1 through 5.8.4, consider applying configuration changes to restrict file and directory access until a patch is available. As a temporary workaround, restrict the use of the rmtree function in the File::Path module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0452

DSA-1678-1

DSA-620-1

RHSA-2005:103

RHSA-2005:105

RHSA-2005_103

RHSA-2005_105

Affected Products

Perl

Red Hat

PT-2004-1578 · Perl+1 · Perl+1

CVE-2004-0452

Related Identifiers

Affected Products

References · 25