First published: Fri Dec 31 1999(Updated: )
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Larry Wall Perl | <=5.4.4 | |
<=5.004_04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.