Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |   

Category:   Application (Generic)  >   Perl Vendors:   Wall, Larry
(Oracle Issues Fix for Solaris) Perl rmtree() Race Condition May Let Local Users Create Privileged Binaries
SecurityTracker Alert ID:  1029131
SecurityTracker URL:
CVE Reference:   CVE-2005-0448   (Links to External Site)
Date:  Oct 4 2013
Impact:   Modification of system information, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 5.8.4
Description:   In March 2005, a vulnerability was reported in the rmtree() function in A local user may be able to create set user id (setuid) binaries in certain cases.

A local user can exploit a race condition to create setuid binaries in a directory tree while the directory tree is being deleted by a root level user. The user must have write permissions in that directory tree to exploit this flaw.

Paul Szabo discovered this vulnerability.

Impact:   A local user can create setuid binaries in certain cases.
Solution:   Oracle has issued a fix for Solaris.

The Oracle advisory is available at:

Cause:   Access control error, State error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  10, 11.1

Message History:   This archive entry is a follow-up to the message listed below.
Jun 16 2005 Perl rmtree() Race Condition May Let Local Users Create Privileged Binaries

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search

Content previously copyright LLC placed in the public domain on December 31, 2019.