Vulnerability Description
The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Roderich Schupp | Par-Packer Module | <= 1.002 |
Related Weaknesses (CWE)
References
- http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=753955Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
- http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
- https://bugzilla.redhat.com/show_bug.cgi?id=753955Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
- https://rt.cpan.org/Public/Bug/Display.html?id=69560
FAQ
What is CVE-2011-5060?
CVE-2011-5060 is a vulnerability with a CVSS score of 3.3 (LOW). The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which al...
How severe is CVE-2011-5060?
CVE-2011-5060 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-5060?
Check the references section above for vendor advisories and patch information. Affected products include: Roderich Schupp Par-Packer Module.