PT-2017-3266 · Perl · File-Path

Published 2017-04-07 · Updated 2024-06-15 · CVE-2017-6512

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

File-Path module versions prior to 2.13

Description

The issue is a race condition in the rmtree and remove_tree functions of the File-Path module for Perl. It arises from synchronization errors when using shared resources, specifically a time-of-check to time-of-use (TOCTOU) vulnerability. Exploitation of this issue could allow a remote attacker to compromise data integrity by setting the mode on arbitrary files through vectors involving the directory-permission loosening logic.

Recommendations

For versions prior to 2.13, update to version 2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the rmtree and remove_tree functions until a patch is applied.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2018-00023
CVE-2017-6512
DLA-978-1
DSA-3873-1
MGASA-2018-0047
OPENSUSE-SU-2022_3271-1
OPENSUSE-SU-2024:13154-1
SUSE-SU-2017:2951-1
SUSE-SU-2017:3092-1
SUSE-SU-2017_2951-1
SUSE-SU-2021:0449-1
SUSE-SU-2021_0449-1
SUSE-SU-2022:3271-1
SUSE-SU-2022_3271-1
SUSE-SU-2024:1630-1
SUSE-SU-2024_1630-1
USN-3625-1
USN-3625-2

Affected Products

File-Path
Suse
Ubuntu