CVE-1999-1386

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:30

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=88932165406213&w=2 - Exploit, Mailing List () http://marc.info/?l=bugtraq&m=88932165406213&w=2 - Exploit, Mailing List
References () http://www.iss.net/security_center/static/7243.php - Broken Link () http://www.iss.net/security_center/static/7243.php - Broken Link
References () http://www.redhat.com/support/errata/rh50-errata-general.html#perl - Broken Link () http://www.redhat.com/support/errata/rh50-errata-general.html#perl - Broken Link

26 Jan 2024, 16:54

Type Values Removed Values Added
References (XF) http://www.iss.net/security_center/static/7243.php - (XF) http://www.iss.net/security_center/static/7243.php - Broken Link
References (CONFIRM) http://www.redhat.com/support/errata/rh50-errata-general.html#perl - (CONFIRM) http://www.redhat.com/support/errata/rh50-errata-general.html#perl - Broken Link
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=88932165406213&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=88932165406213&w=2 - Exploit, Mailing List
CPE cpe:2.3:a:larry_wall:perl:*:*:*:*:*:*:*:* cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-59
CVSS v2 : 2.1
v3 : unknown
v2 : 2.1
v3 : 5.5

Information

Published : 1999-12-31 05:00

Updated : 2024-11-20 23:30


NVD link : CVE-1999-1386

Mitre link : CVE-1999-1386

CVE.ORG link : CVE-1999-1386


JSON object : View

Products Affected

perl

  • perl
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')