Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-5302
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-01 Dec, 2008 | 17:30
Updated At-11 Oct, 2018 | 20:54

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
perl
perl
>>perl>>5.8.8
cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*
perl
perl
>>perl>>5.10.0
cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*
perl
perl
>>file\>>\
cpe:2.3:a:perl:file\:\:path:1.08:*:*:*:*:*:*:*
perl
perl
>>file\>>\
cpe:2.3:a:perl:file\:\:path:2.07:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-362Primarynvd@nist.gov
CWE ID: CWE-362
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2010-06-07T00:00:00

This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.

References
HyperlinkSourceResource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905cve@mitre.org
Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36cve@mitre.org
Exploit
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705cve@mitre.org
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlcve@mitre.org
N/A
http://secunia.com/advisories/32980cve@mitre.org
N/A
http://secunia.com/advisories/33314cve@mitre.org
N/A
http://secunia.com/advisories/40052cve@mitre.org
N/A
http://support.apple.com/kb/HT4077cve@mitre.org
N/A
http://wiki.rpath.com/Advisories:rPSA-2009-0011cve@mitre.org
N/A
http://www.debian.org/security/2008/dsa-1678cve@mitre.org
N/A
http://www.gossamer-threads.com/lists/perl/porters/233695#233695cve@mitre.org
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2010:116cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/11/28/2cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2010-0458.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/500210/100/0/threadedcve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-700-1cve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-700-2cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/47043cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890cve@mitre.org
N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32980
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33314
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/40052
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4077
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0011
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1678
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gossamer-threads.com/lists/perl/porters/233695#233695
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/11/28/2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0458.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/500210/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-700-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-700-2
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47043
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890
Source: cve@mitre.org
Resource: N/A
Change History
0Changes found
Details not found