CVE-2011-4114
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
13/01/2012
Last modified:
11/04/2025
Description
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
Impact
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:roderich_schupp:par-packer_module:*:*:*:*:*:*:*:* | 1.011 (including) | |
| cpe:2.3:a:roderich_schupp:par-packer_module:0.63:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.64:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.65:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.66:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.67:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.68:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.69:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.70:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.71:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.72:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.73:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.74:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.75:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.76:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://rt.cpan.org/Public/Bug/Display.html?id=69560