CVE-2011-5060 - OpenCVE

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Roderich Schupp	Par-packer Module

Configuration 1 [-]

OR	cpe:2.3:a:roderich_schupp:par-packer_module::::::::
	cpe:2.3:a:roderich_schupp:par-packer_module:0.63:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.64:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.65:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.66:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.67:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.68:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.69:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.70:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.71:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.72:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.73:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.74:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.75:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.76:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.77:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.78:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.79:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.80:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.81:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.82:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.83:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.85:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.86:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.87:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.88:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.89:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.90:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.91:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.92:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.93:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.94:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.941:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.942:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.951:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.952:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.953:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.954:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.955:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.956:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.957:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.958:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.959:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.960:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.970:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.973:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.975:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.976:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.977:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.978:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.979:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.980:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.981:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.982:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.991:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_01:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_02:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_03:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_04:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_05:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:0.992_06:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:1.000:::::::*
	cpe:2.3:a:roderich_schupp:par-packer_module:1.001:::::::*

No data.

References

Link	Providers
http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog
https://bugzilla.redhat.com/show_bug.cgi?id=753955
https://exchange.xforce.ibmcloud.com/vulnerabilities/72435
https://rt.cpan.org/Public/Bug/Display.html?id=69560

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-01-13T19:00:00

Updated: 2024-08-07T00:23:39.941Z

Reserved: 2012-01-13T00:00:00

Link: CVE-2011-5060

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-01-13T19:55:01.203

Modified: 2017-08-29T01:30:40.287

Link: CVE-2011-5060

Redhat

No data.

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object