Vulnerability Details CVE-2011-4114
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.6%
CVSS Severity
CVSS v2 Score 3.3
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.html
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
Products affected by CVE-2011-4114
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.63
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.64
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.65
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.66
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.67
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.68
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.69
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.70
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.71
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.72
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.73
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.74
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.75
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.76
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.77
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.78
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.79
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.80
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.81
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.82
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.83
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.85
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.86
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.87
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.88
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.89
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.90
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.91
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.92
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.93
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.94
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.941
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.942
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.951
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.952
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.953
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.954
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.955
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.956
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.957
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.958
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.959
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.960
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.970
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.973
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.975
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.976
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.977
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.978
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.979
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.980
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.981
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.982
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.991
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_01
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_02
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_03
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_04
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_05
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_06
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.000
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.001
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.002
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.003
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.004
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.005
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.006
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.007
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.008
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.009
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.010
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.011