CVSS: 6.9 • EPSS: 0% • CPEs: 4 • EXPL: 3

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
• http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
• http://secunia.com/advisories/32980
• http://secunia.com/advisories/33314
• http://secunia.com&#x

• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 4.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

• ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
• ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
• ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
• http://docs.info.apple.com/article.html?artnum=304829
• http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
• http://marc.info/?l=full-disclosure&m=113342788118630&w=2
• http://secunia.

• CWE-189: Numeric Errors