CVE-2008-2827 – Perl - 'rmtree()' Function Local Insecure Permissions
https://notcve.org/view.php?id=CVE-2008-2827
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
• https://www.exploit-db.com/exploits/31959
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
  http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
  http://rt.cpan.org/Public/Bug/Display.html?id=36982
  http://secunia.com/advisories/30790
  http://secunia.com/advisories/30837
  http://secunia.com/advisories/31687
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:165
  http://www.securityfocus.com/bid/29902
  http://www.securitytracker.com/id?1020373
  h
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-1927 – perl: heap corruption by regular expressions with utf8 characters
https://notcve.org/view.php?id=CVE-2008-1927
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792
  http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
  http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
  http://osvdb.org/44588
  http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156
  http://secunia.com/advisories/29948
  http://secunia.com/advisories/30025
  http://secunia.com/advisories/30326
  http://secunia.com/advisories/30624
  http://secunia.com/advisories/31208
  http://sec
• CWE-399: Resource Management Errors
CVE-2005-3962
https://notcve.org/view.php?id=CVE-2005-3962
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
• ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
  ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
  http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
  http://docs.info.apple.com/article.html?artnum=304829
  http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
  http://marc.info/?l=full-disclosure&m=113342788118630&w=2
  http://secunia.
• CWE-189: Numeric Errors
CVE-2002-2131
https://notcve.org/view.php?id=CVE-2002-2131
Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument.
• http://citrustech.net/~chrisj/perl-httpd/INFO.txt
  http://www.iss.net/security_center/static/10992.php
  http://www.securityfocus.com/bid/6497
CVE-2002-1271
https://notcve.org/view.php?id=CVE-2002-1271
The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.
• http://marc.info/?l=bugtraq&m=103659723101369&w=2
  http://marc.info/?l=bugtraq&m=103679569705086&w=2
  http://www.debian.org/security/2003/dsa-386
  http://www.iss.net/security_center/static/10548.php
  http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
  http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html
  http://www.securityfocus.com/bid/6104