CVE-2011-4114

Name of the Vulnerable Software and Affected Versions PAR::Packer module versions prior to 1.012

Description The issue concerns the creation of temporary files in a directory with a predictable name by the par mktmpdir function, without verifying the ownership and permissions of this directory. This allows local users to overwrite files when another user extracts a PAR packed program.

Recommendations For PAR::Packer module versions prior to 1.012, update to version 1.012 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory used by the par mktmpdir function to minimize the risk of exploitation.