CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 3CVE-2008-5302 – perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
https://notcve.org/view.php?id=CVE-2008-5302
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. Condición de carrera en la función rmtree de File::Path 1.08 y 2.07 (lib/File/Path.pm) en Perl 5.8.8 y 5.10.0 permite a usuarios locales crear binarios setuid arbitrarios a través de un ataque por enlace simbólico. Se trata de una vulnerabilidad diferente que CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/32980 http://secunia.com/advisories/33314 http://secunia.com&#x • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 1CVE-2008-5303 – perl: File:: Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1
https://notcve.org/view.php?id=CVE-2008-5303
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. Condición de carrera en la función rmtree en File::Path 1.08 (lib/File/Path.pm) en Perl 5.8.8 permite a usuarios locales borrar archivos arbitrarios a través de un ataque de enlace simbólico, una vulnerabilidad diferente a CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. NOTA: esto es un error de regresión relacionado con CVE-2005-0448. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://secunia.com/advisories/32980 http://secunia.com/advisories/33314 http://secunia.com/advisories/40052 http://support.apple.com/kb/HT4077 http://wiki.rp • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1927 – perl: heap corruption by regular expressions with utf8 characters
https://notcve.org/view.php?id=CVE-2008-1927
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. Vulnerabilidad de doble liberacioón en Perl 5.8.8 permite a los atacantes, dependiendo del contexto, causar una denegación de servicio (corrupción de memoria y caida) a través de expresiones regulares manipuladas conteniendo caracteres UTF8. NOTE: esta característica solo está presente en ciertos sistemas operativos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://osvdb.org/44588 http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156 http://secunia.com/advisories/29948 http://secunia.com/advisories/30025 http://secunia.com/advisories/30326 http://secunia.com/advisories/30624 http://secunia.com/advisories/31208 http://sec • CWE-399: Resource Management Errors •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2005-3962
https://notcve.org/view.php?id=CVE-2005-3962
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. • ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://marc.info/?l=full-disclosure&m=113342788118630&w=2 http://secunia. • CWE-189: Numeric Errors •