Vulnerability Description
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Roderich Schupp | Par-Packer Module | <= 1.011 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.h
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.hPatch
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
- https://bugzilla.redhat.com/show_bug.cgi?id=753955Patch
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071091.h
- http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071099.hPatch
- http://www.openwall.com/lists/oss-security/2011/11/04/2
- http://www.openwall.com/lists/oss-security/2011/11/04/4
- https://bugzilla.redhat.com/show_bug.cgi?id=753955Patch
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
FAQ
What is CVE-2011-4114?
CVE-2011-4114 is a vulnerability with a CVSS score of 3.3 (LOW). The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, ...
How severe is CVE-2011-4114?
CVE-2011-4114 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4114?
Check the references section above for vendor advisories and patch information. Affected products include: Roderich Schupp Par-Packer Module.