FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0452

This CVE name corresponds to:

Entered Topic
2005-01-21 perl -- File::Path insecure file/directory permissions

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2004-0452
Phase Assigned(20040506)

Description

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.

References

Source Reference
DEBIAN DSA-620
FEDORA FLSA-2006:152845
GENTOO GLSA-200501-38
REDHAT RHSA-2005:103
REDHAT RHSA-2005:105
SGI 20060101-01-U
UBUNTU USN-44-1
BUGTRAQ 20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)
BID 12072
OVAL oval:org.mitre.oval:def:9938
SECUNIA 12991
SECUNIA 18517
SECUNIA 55314
XF perl-filepathrmtree-insecure-permissions(18650)