Date: Mon, 23 Jun 2008 14:18:50 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE id request: perl This looks distinct from some older rmtree() issues, so I'm assigning a new number. - Steve ====================================================== Name: CVE-2008-2827 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827 Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319 Reference: MISC:http://rt.cpan.org/Public/Bug/Display.html?id=36982 The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.