Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 161054 - CVE-2005-0448 perl File::Path.pm rmtree race condition
Summary: CVE-2005-0448 perl File::Path.pm rmtree race condition
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: perl
Version: 2.1
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Marcela Mašláňová
QA Contact: David Lawrence
URL:
Whiteboard: impact=low,public=20050309,source=cve...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-20 09:36 UTC by Mark J. Cox
Modified: 2009-08-28 14:10 UTC (History)
0 users

Fixed In Version: 5.6.1-38.EL2_1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-28 14:10:07 UTC


Attachments (Terms of Use)

Description Mark J. Cox 2005-06-20 09:36:28 UTC
+++ This bug was initially created as a clone of Bug #157694 +++

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4
allows local users to create arbitrary setuid binaries in the tree being
deleted, a different vulnerability than CAN-2004-0452.

http://marc.theaimsgroup.com/?l=bugtraq&m=111039131424834&w=2

Comment 1 Jason Vas Dias 2006-04-22 01:23:40 UTC
fixed with perl-5.6.1-38.EL2_1 

Comment 2 Robin Norwood 2006-10-01 23:32:46 UTC
assigning to rnorwood@redhat.com

Comment 3 Mark J. Cox 2007-07-20 11:45:40 UTC
We've not shipped perl-5.6.1-38.EL2_1 therefore leaving open until we do.

Comment 4 Tomas Hoger 2009-08-28 14:10:07 UTC
EL2.1 reached end of life.


Note You need to log in before you can comment on or make changes to this bug.