CVE-2008-5302 — Race Condition in Perl

CWE-362 — Race Condition13 documents7 sources

Severity

6.9MEDIUMNVD

OSV2.6

EPSS

0.0%

top 85.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl Perl File

Timeline

PublishedDec 1

Latest updateMay 14

Description

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶NVDperl/file\

▶debiandebian/perl< perl 5.10.0-18 (bookworm)

▶Debianperl/perl< 5.10.0-18+3

🔴Vulnerability Details

GHSA

GHSA-4m3f-gxf5-6jm9: Race condition in the rmtree function in File::Path 1↗2022-05-14

▶

GHSA

GHSA-8vc4-5x78-9hxf: Race condition in the rmtree function in File::Path 1↗2022-05-14

▶

OSV

CVE-2008-5302: Race condition in the rmtree function in File::Path 1↗2008-12-01

▶

OSV

CVE-2008-5303: Race condition in the rmtree function in File::Path 1↗2008-12-01

▶

📋Vendor Advisories

Ubuntu

Perl regression↗2009-01-15

▶

Ubuntu

Perl vulnerabilities↗2008-12-24

▶

Red Hat

perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1↗2008-11-19

▶

Red Hat

perl: File:: Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1↗2008-11-19

▶

Debian

CVE-2008-5303: perl - Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in P...↗2008

▶

💬Community

Bugzilla

CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1↗2008-11-28

▶