PT-2012-4054 · Perl · Config::IniFiles

Vincent Danen · Published 2012-06-27 · Updated 2024-06-15 · CVE-2012-2451

CVSS v2.0: 3.6 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Config::IniFiles versions prior to 2.71

Description

The issue allows local users to potentially overwrite arbitrary files via a symlink attack due to the creation of temporary files with predictable names. It has been reported that this might only be exploitable by writing in the same directory as the .ini file, which could limit the ability to cross privilege boundaries.

Recommendations

For versions prior to 2.71, consider updating to version 2.71 or later to resolve the issue. As a temporary workaround, restrict write access to the directory containing the .ini file to minimize the risk of exploitation.
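
The following is an added example, not code from Config::IniFiles or from this advisory: it contrasts a temporary file with a predictable name against one created through File::Temp, and includes a mode-bit check for the directory workaround. The function names, the `-new` suffix and the scratch files are assumptions made for illustration, and the self-check assumes a POSIX system with symlink support.

```perl
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Temp qw(tempdir tempfile);

# Workaround check: can group or other write to the directory holding the .ini?
sub dir_is_exposed {
    my @st = stat($_[0]) or die "stat $_[0]: $!";
    return ($st[2] & 0022) ? 1 : 0;
}

# Weak: temp name derived from the target ("-new" is an assumption); open() follows links.
sub write_ini_predictable {
    my ($path, $content) = @_;
    my $tmp = "$path-new";
    open(my $fh, '>', $tmp) or die "open $tmp: $!";
    print {$fh} $content or die "write $tmp: $!";
    close($fh) or die "close $tmp: $!";
    rename($tmp, $path) or die "rename $tmp: $!";
}

# Hardened pattern: File::Temp picks a random name and creates it with
# O_CREAT|O_EXCL, so an existing file or link is never opened or followed.
sub write_ini_safely {
    my ($path, $content) = @_;
    my ($fh, $tmp) = tempfile('.ini-XXXXXXXXXX', DIR => dirname($path));
    print {$fh} $content or die "write $tmp: $!";
    close($fh) or die "close $tmp: $!";
    chmod((stat $path)[2] & 07777, $tmp) if -e $path;    # keep the old mode
    rename($tmp, $path) or do { unlink $tmp; die "rename $tmp: $!" };
}

# Constructed self-check helper: has the decoy's content changed?
sub decoy_state {
    open(my $fh, '<', $_[0]) or die "open $_[0]: $!";
    my $first = <$fh> // '';
    return $first eq "untouched\n" ? 'intact' : 'overwritten';
}

# Scratch-directory run: decoy.txt is linked from the predictable name.
my $dir = tempdir(CLEANUP => 1);
my ($ini, $decoy) = ("$dir/app.ini", "$dir/decoy.txt");
write_ini_safely($decoy, "untouched\n");
symlink($decoy, "$ini-new") or die "symlink: $!";
printf "directory writable by others: %s\n", dir_is_exposed($dir) ? 'yes' : 'no';
write_ini_safely($ini, "[main]\nkey=value\n");
printf "hardened write:    decoy %s\n", decoy_state($decoy);
write_ini_predictable($ini, "[main]\nkey=value\n");
printf "predictable write: decoy %s\n", decoy_state($decoy);
```

The mode-bit check ignores POSIX ACLs, so review those separately where they are in use.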


Related Identifiers

CVE-2012-2451
OPENSUSE-SU-2024:10146-1

Affected Products

Config::IniFiles