CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 1CVE-2008-5303 – perl: File:: Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1
https://notcve.org/view.php?id=CVE-2008-5303
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. Condición de carrera en la función rmtree en File::Path 1.08 (lib/File/Path.pm) en Perl 5.8.8 permite a usuarios locales borrar archivos arbitrarios a través de un ataque de enlace simbólico, una vulnerabilidad diferente a CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. NOTA: esto es un error de regresión relacionado con CVE-2005-0448. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://secunia.com/advisories/32980 http://secunia.com/advisories/33314 http://secunia.com/advisories/40052 http://support.apple.com/kb/HT4077 http://wiki.rp • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 3CVE-2008-2827 – Perl - 'rmtree()' Function Local Insecure Permissions
https://notcve.org/view.php?id=CVE-2008-2827
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. La función rmtree en lib/File/Path.pm de Perl 5.10 no comprueba correctamente los permisos antes de realizar chmod, lo que permite a usuarios locales modificar los permisos de archivos de su elección mediante un ataque de enlaces simbólicos, una vulnerabilidad distinta a CVE-2005-0448 y CVE-2004-0452. • https://www.exploit-db.com/exploits/31959 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://rt.cpan.org/Public/Bug/Display.html?id=36982 http://secunia.com/advisories/30790 http://secunia.com/advisories/30837 http://secunia.com/advisories/31687 http://www.mandriva.com/security/advisories?name=MDVSA-2008:165 http://www.securityfocus.com/bid/29902 http://www.securitytracker.com/id?1020373 h • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-1927 – perl: heap corruption by regular expressions with utf8 characters
https://notcve.org/view.php?id=CVE-2008-1927
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. Vulnerabilidad de doble liberacioón en Perl 5.8.8 permite a los atacantes, dependiendo del contexto, causar una denegación de servicio (corrupción de memoria y caida) a través de expresiones regulares manipuladas conteniendo caracteres UTF8. NOTE: esta característica solo está presente en ciertos sistemas operativos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://osvdb.org/44588 http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156 http://secunia.com/advisories/29948 http://secunia.com/advisories/30025 http://secunia.com/advisories/30326 http://secunia.com/advisories/30624 http://secunia.com/advisories/31208 http://sec • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 3%CPEs: 51EXPL: 0CVE-2007-5116 – perl regular expression UTF parsing errors
https://notcve.org/view.php?id=CVE-2007-5116
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Desbordamiento de búfer en el soporte opcode polimórfico del Motor de Expresiones Regulares (regcomp.c) en Perl 5.8 permite a atacantes dependientes de contexto ejecutar código de su elección cambiando de byte a caracteres Unicode (UTF) en una expresión regular. • ftp://aix.software.ibm.com/aix/efixes/security/README http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120352263023774&w=2 http://secunia.com/advisories/27479 http://secunia.com/advisories/27515 http://secunia.com/advisories/27531 http://secunia.com/advisories/27546 http://secunia.com/advisories/27548 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2005-4278
https://notcve.org/view.php?id=CVE-2005-4278
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. • http://secunia.com/advisories/17232 http://secunia.com/advisories/55314 http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml http://www.osvdb.org/20086 http://www.securityfocus.com/bid/15120 http://www.vupen.com/english/advisories/2005/2119 •