CVE-2011-5060
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
13/01/2012
Last modified:
11/04/2025
Description
The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.
Impact
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:roderich_schupp:par-packer_module:*:*:*:*:*:*:*:* | 1.002 (including) | |
| cpe:2.3:a:roderich_schupp:par-packer_module:0.63:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.64:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.65:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.66:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.67:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.68:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.69:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.70:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.71:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.72:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.73:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.74:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.75:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roderich_schupp:par-packer_module:0.76:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
- http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
- https://rt.cpan.org/Public/Bug/Display.html?id=69560