 |
with SecurityTracker! | |
|
|
with SecurityTracker! | |
| Home | View Topics | Search | |
|
|
| Category: Application (Generic) > Perl | Vendors: Wall, Larry |
|
Perl File::Path Race Condition in rmtree() and remove_tree() Lets Local Users Modify File Modes
| ||||
| SecurityTracker Alert ID: 1038610 | ||||
| SecurityTracker URL: https://securitytracker.com/id/1038610 | ||||
| CVE Reference: CVE-2017-6512 (Links to External Site) | ||||
|
Date: Jun 5 2017
| ||||
|
Impact:
Modification of system information | ||||
|
Fix Available: Yes Vendor Confirmed: Yes | ||||
|
Version(s): File::Path prior to 2.13 | ||||
|
Description:
A vulnerability was reported in Perl. A local user can modify the file mode on arbitrary files on the target system. A local user can exploit a race condition in the File::Path rmtree() and remove_tree() functions to set arbitrary mode values on arbitrary files. The vendor was notified on February 28 2017. The cPanel Security Team reported this vulnerability. | ||||
|
Impact:
A local user can modify the file mode on arbitrary files on the target system. | ||||
|
Solution:
The vendor has issued a fix (File::Path extension 2.13). The vendor advisory is available at: http://cpansearch.perl.org/src/JKEENAN/File-Path-2.13/Changes | ||||
|
Vendor URL: cpansearch.perl.org/src/JKEENAN/File-Path-2.13/Changes (Links to External Site)
| ||||
|
Cause:
Access control error, State error | ||||
| Underlying OS: Linux (Any), UNIX (Any) | ||||
|
| ||||
Message History:
This archive entry has one or more follow-up message(s) listed below.
| ||||
Source Message Contents | ||||
|
Subject: Perl | ||||
| ||||