CVE-2011-5060

Name of the Vulnerable Software and Affected Versions PAR module versions prior to 1.003

Description The issue concerns the par mktmpdir function in the PAR module, which creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory. This allows local users to overwrite files when another user extracts a PAR packed program.

Recommendations For PAR module versions prior to 1.003, update to version 1.003 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory used by the par mktmpdir function to minimize the risk of exploitation.