Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2008-2827 — Race Condition in Perl
Severity
6.9MEDIUMNVD
NVD4.6OSV2.6
EPSS
0.1%
top 72.25%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 23
Latest updateMay 14
Description
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
CVSS vector
AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4
Affected Packages4 packages
🔴Vulnerability Details
6💥Exploits & PoCs
1📋Vendor Advisories
6Red Hat▶
perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1↗2008-11-19
Red Hat▶
perl: File:: Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1↗2008-11-19
Debian▶
CVE-2008-5303: perl - Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in P...↗2008
Debian▶
CVE-2008-2827: perl - The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check per...↗2008