Vulnerability Details CVE-2011-5060
The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.9%
CVSS Severity
CVSS v2 Score 3.3
References
- http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
- http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=753955
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
Products affected by CVE-2011-5060
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.63
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.64
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.65
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.66
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.67
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.68
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.69
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.70
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.71
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.72
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.73
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.74
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.75
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.76
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.77
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.78
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.79
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.80
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.81
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.82
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.83
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.85
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.86
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.87
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.88
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.89
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.90
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.91
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.92
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.93
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.94
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.941
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.942
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.951
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.952
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.953
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.954
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.955
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.956
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.957
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.958
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.959
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.960
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.970
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.973
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.975
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.976
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.977
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.978
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.979
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.980
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.981
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.982
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.991
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_01
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_02
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_03
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_04
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_05
-
cpe:2.3:a:roderich_schupp:par-packer_module:0.992_06
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.000
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.001
-
cpe:2.3:a:roderich_schupp:par-packer_module:1.002