The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-01-13T18:00:00Z
Updated: 2024-08-07T00:01:50.443Z
Reserved: 2011-10-18T00:00:00Z
Link: CVE-2011-4114
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-01-13T18:55:03.843
Modified: 2024-11-21T01:31:52.540
Link: CVE-2011-4114
Redhat
No data.