CVE-2008-5302

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 Exploit
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://secunia.com/advisories/32980
http://secunia.com/advisories/33314
http://secunia.com/advisories/40052
http://support.apple.com/kb/HT4077
http://wiki.rpath.com/Advisories:rPSA-2009-0011
http://www.debian.org/security/2008/dsa-1678
http://www.gossamer-threads.com/lists/perl/porters/233695#233695 Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
http://www.openwall.com/lists/oss-security/2008/11/28/2
http://www.redhat.com/support/errata/RHSA-2010-0458.html
http://www.securityfocus.com/archive/1/500210/100/0/threaded
http://www.ubuntu.com/usn/usn-700-1
http://www.ubuntu.com/usn/usn-700-2
https://exchange.xforce.ibmcloud.com/vulnerabilities/47043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890
Configurations

Configuration 1

AND
OR cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*
OR cpe:2.3:a:perl:file\:\:path:1.08:*:*:*:*:*:*:*
cpe:2.3:a:perl:file\:\:path:2.07:*:*:*:*:*:*:*

History

21 Nov 2024, 00:53


Information

Published : 2008-12-01 17:30

Updated : 2024-11-21 00:53


NVD link : CVE-2008-5302

Mitre link : CVE-2008-5302

CVE.ORG link : CVE-2008-5302


Products Affected

perl

  • file\
  • perl
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')