 |
with SecurityTracker! | |
|
|
with SecurityTracker! | |
| Home | View Topics | Search | |
|
|
| Category: Application (Generic) > Perl | Vendors: Wall, Larry |
|
(OpenBSD Issues Fix) Perl File::Path Race Condition in rmtree() and remove_tree() Lets Local Users Modify File Modes
| ||
| SecurityTracker Alert ID: 1038650 | ||
| SecurityTracker URL: https://securitytracker.com/id/1038650 | ||
| CVE Reference: CVE-2017-6512 (Links to External Site) | ||
|
Date: Jun 9 2017
| ||
|
Impact:
Modification of system information | ||
|
Fix Available: Yes Vendor Confirmed: Yes | ||
|
Version(s): File::Path prior to 2.13 | ||
|
Description:
A vulnerability was reported in Perl. A local user can modify the file mode on arbitrary files on the target system. A local user can exploit a race condition in the File::Path rmtree() and remove_tree() functions to set arbitrary mode values on arbitrary files. The vendor was notified on February 28 2017. The cPanel Security Team reported this vulnerability. | ||
|
Impact:
A local user can modify the file mode on arbitrary files on the target system. | ||
|
Solution:
OpenBSD has issued a source code patch, available at: https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/026_perl.patch.sig https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/010_perl.patch.sig | ||
|
Vendor URL: www.openbsd.org/errata61.html (Links to External Site)
| ||
|
Cause:
Access control error, State error | ||
| Underlying OS: UNIX (OpenBSD) | ||
| Underlying OS Comments: 6.0, 6.1 | ||
|
| ||
Message History:
This archive entry is a follow-up to the message listed below.
| ||
Source Message Contents | ||
| ||