CVE-2008-5302

perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1

  • Severity Score: 6.9 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 3 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete

  • Attack Vector: Local
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-12-01 CVE Reserved
  • 2008-12-01 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (24)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Perl | File::path | 1.08 | - | Affected
  in Perl | Perl | 5.8.8 | - | Safe
Perl | File::path | 1.08 | - | Affected
  in Perl | Perl | 5.10.0 | - | Safe
Perl | File::path | 2.07 | - | Affected
  in Perl | Perl | 5.8.8 | - | Safe
Perl | File::path | 2.07 | - | Affected
  in Perl | Perl | 5.10.0 | - | Safe