The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-01-13T18:00:00Z

Updated: 2024-08-07T00:01:50.443Z

Reserved: 2011-10-18T00:00:00Z

Link: CVE-2011-4114

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-01-13T18:55:03.843

Modified: 2024-11-21T01:31:52.540

Link: CVE-2011-4114

cve-icon Redhat

No data.