Description Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
CVSS vector AV:L/AC:H/C:N/I:P/A:N Exploitability: 1.9 | Impact: 2.9 Complexity: High
Confidentiality: None
Availability: None
Affected Packages2 packages
🔴 Vulnerability Details3 GHSA GHSA-2jcf-pv2j-gqvq: Race condition in the rmtree function in File::Path ↗ 2022-05-03 ▶ OSV CVE-2005-0448: Race condition in the rmtree function in File::Path ↗ 2005-05-02 ▶ CVEList CVE-2005-0448: Race condition in the rmtree function in File::Path ↗ 2005-03-12 ▶
📋 Vendor Advisories6 Red Hat perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1 ↗ 2008-11-19 ▶ Red Hat perl: File:: Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1 ↗ 2008-11-19 ▶ Red Hat perl: insecure use of chmod in rmtree ↗ 2008-06-20 ▶ Ubuntu Perl vulnerability ↗ 2005-03-09 ▶ Show 1 more
💬 Community5 Bugzilla CVE-2005-0448 security flaw ↗ 2018-08-16 ▶ Bugzilla CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1 ↗ 2008-11-28 ▶ Bugzilla CVE-2008-2827 perl: insecure use of chmod in rmtree ↗ 2008-06-24 ▶ Bugzilla CVE-2005-0448 perl File::Path.pm rmtree race condition ↗ 2005-06-20 ▶ Bugzilla CVE-2005-0448 perl File::Path.pm rmtree race condition ↗ 2005-06-20 ▶