CVE-2004-0452

19 documents8 sources
Severity
2.6LOW
EPSS
0.1%
top 83.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Larry Wall Perl
Timeline
PublishedDec 21
Latest updateMay 3

Description

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.

CVSS vector

AV:L/AC:H/C:N/I:P/A:PExploitability: 1.9 | Impact: 4.9

Affected Packages2 packages

Debianperl< 5.8.4-5+3
NVDlarry_wall/perl5.6.1, 5.8.4+1

Patches

Patch: www.debian.orgPatch: www.gentoo.orgPatch: www.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-27g6-7ffq-cf4w: Race condition in the rmtree function in the File::Path module in Perl 52022-05-03
CVEList
CVE-2004-0452: Race condition in the rmtree function in the File::Path module in Perl 52004-12-31
OSV
CVE-2004-0452: Race condition in the rmtree function in the File::Path module in Perl 52004-12-21

📋Vendor Advisories

7
Red Hat
perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-12008-11-19
Red Hat
perl: File:: Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-12008-11-19
Red Hat
perl: insecure use of chmod in rmtree2008-06-20
Red Hat
security flaw2005-03-09
Red Hat
security flaw2004-12-23

💬Community

6
Bugzilla
CVE-2005-0448 security flaw2018-08-16
Bugzilla
CVE-2004-0452 security flaw2018-08-16
Bugzilla
CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-12008-11-28
Bugzilla
CVE-2008-2827 perl: insecure use of chmod in rmtree2008-06-24
Bugzilla
CVE-2005-0448 perl File::Path.pm rmtree race condition2005-06-20
CVE-2004-0452 (LOW CVSS 2.6) | Race condition in the rmtree functi | cvebase.io