Secunia Logo
Netsikker nu! 2008
 
Perl "File::Path::rmtree" Insecure chmod on Symbolic Links
Secunia Advisory: SA30790
Release Date: 2008-06-26
Popularity: 2,108 views

Critical:
Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Unpatched

Software:Perl 5.x

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2008-2827


Description:
A vulnerability has been reported in Perl, which can be exploited by malicious, local user to perform actions with escalated privileges.

The vulnerability is caused due to the insecure use of chmod on symbolic links and can be exploited to change permissions of arbitrary files to 0777 via symlink attacks.

The vulnerability is reported in version 5.10.

Solution:
Do not use applications, which use "File::Path::rmtree", on systems with untrusted users.

Provided and/or discovered by:
Reported via a Debian bug report.

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. CA ARCserve Backup Multiple Vulnerabilities // 29 views
2. Subdreamer Light Global Variables SQL Injection Vulnerability // 28 views
3. phpBB Cross Site Scripting and Unspecified Vulnerabilities // 27 views
4. FUJITSU Interstage Products Apache Tomcat Security Bypass // 25 views
5. Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow // 25 views
6. CUPS Multiple Vulnerabilities // 22 views
7. Apple Mac OS X Security Update Fixes Multiple Vulnerabilities // 20 views
8. Fedora update for condor // 19 views
9. Zeroboard Multiple Vulnerabilities // 19 views
10. Gentoo Portage Insecure Python Module Search Path Security Issue // 19 views