First published: Tue Dec 21 2004(Updated: )
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Perl | =5.6.1 | |
Perl | =5.8.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2004-0452 has been classified as a moderate severity vulnerability.
To fix CVE-2004-0452, upgrade Perl to a version later than 5.8.4.
CVE-2004-0452 affects users running Perl version 5.6.1 or 5.8.4.
CVE-2004-0452 can be exploited through a symlink attack allowing local users to delete or read files they shouldn't access.
Disabling or restricting the use of the affected File::Path module can serve as a temporary workaround for CVE-2004-0452.