QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-5302

Back to search

CVE-2008-5302

Published: Dec 1, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

VendorProductVersions

n/a

n/a

affected
n/a

References

32980
third-party-advisory
x_refsource_SECUNIA
perl-filepath-symlink(47043)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:6890
vdb-entry
signature
x_refsource_OVAL
DSA-1678
vendor-advisory
x_refsource_DEBIAN
USN-700-1
vendor-advisory
x_refsource_UBUNTU
APPLE-SA-2010-03-29-1
vendor-advisory
x_refsource_APPLE
SUSE-SR:2009:004
vendor-advisory
x_refsource_SUSE
33314
third-party-advisory
x_refsource_SECUNIA
20090120 rPSA-2009-0011-1 perl
mailing-list
x_refsource_BUGTRAQ
USN-700-2
vendor-advisory
x_refsource_UBUNTU
oval:org.mitre.oval:def:11076
vdb-entry
signature
x_refsource_OVAL
40052
third-party-advisory
x_refsource_SECUNIA
RHSA-2010:0458
vendor-advisory
x_refsource_REDHAT
MDVSA-2010:116
vendor-advisory
x_refsource_MANDRIVA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now