CVE-2004-0452
Ubuntu Security Notice 44-1
Severity Score: 9.1 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
A race condition and possible information leak has been discovered in Perl's File::Path::rmtree(). This function changes the permission of files and directories before removing them to avoid problems with wrong permissions. However, they were made readable and writable not only for the owner, but for the entire world, which opened a race condition and a possible information leak (if the actual removal of a file/directory failed for some reason).
Credits: N/A
Timeline
- 2004-05-06 CVE Reserved
- 2004-12-21 CVE Published
- 2024-08-08 CVE Updated
- 2025-03-30 EPSS Updated
References (16)
URL | Tag | Source |
---|---|---|
http://marc.info/?l=bugtraq&m=110547693019788&w=2 | Mailing List | |
http://secunia.com/advisories/12991 | Third Party Advisory | |
http://secunia.com/advisories/18517 | Third Party Advisory | |
http://secunia.com/advisories/55314 | Third Party Advisory | |
http://www.securityfocus.com/bid/12072 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18650 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938 | Signature | |

URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2004/dsa-620 | 2017-10-11 | |
http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml | 2017-10-11 | |
http://www.redhat.com/support/errata/RHSA-2005-103.html | 2017-10-11 | |

URL | Date | SRC |
---|---|---|
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U | 2017-10-11 | |
http://fedoranews.org/updates/FEDORA--.shtml | 2017-10-11 | |
http://www.redhat.com/support/errata/RHSA-2005-105.html | 2017-10-11 | |
https://www.ubuntu.com/usn/usn-44-1 | 2017-10-11 | |
https://access.redhat.com/security/cve/CVE-2004-0452 | 2005-02-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1618363 | 2005-02-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Larry Wall | Perl | 5.6.1 | - | Affected |
Larry Wall | Perl | 5.8.4 | - | Affected |