cbcvebase.
CVE-2008-2827
published 2008-06-23

CVE-2008-2827: The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the…

PriorityP420medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.85%
53.5th percentile
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.

Affected

12 ranges
VendorProductVersion rangeFixed in
debianperl< perl 5.10.0-18 (bookworm)perl 5.10.0-18 (bookworm)
debianperl< perl 5.10.0-11 (bookworm)perl 5.10.0-11 (bookworm)
perlfile
perlperl
perlperl>= 0 < 5.10.0-185.10.0-18
perlperl>= 0 < 5.10.0-115.10.0-11
perlperl>= 0 < 5.10.0-185.10.0-18
perlperl>= 0 < 5.10.0-115.10.0-11
perlperl>= 0 < 5.10.0-185.10.0-18
perlperl>= 0 < 5.10.0-115.10.0-11
perlperl>= 0 < 5.10.0-185.10.0-18
perlperl>= 0 < 5.10.0-115.10.0-11

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv2.6LOW
vendor_debian2.6LOW
vendor_redhat2.6LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.